[ovirt-users] Re: how fix tail -f /var/log/openvswitch/ovn-controller.log 2024-02-19T15:26:43.908Z|27300|stream_ssl|WARN|SSL_connect: error:14090086:SSL
Clearly it was not successfully renewed -- or the renewed certificate is not being used. Did you restart the services after certificate renewal? -derek On Mon, February 19, 2024 11:38 am, oscar.l...@toshibagcs.com wrote: > HI derek thanks for reach to me, yes this CERT expired and was renew but > still show me this issues what I need to do ? > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/VLJXXZ3RWTU6GNCH2YOWM6FPDT3DQHDE/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/22RVG6NSLOOIGH5QWGHSYSB44LDIMGXP/
[ovirt-users] Re: how fix tail -f /var/log/openvswitch/ovn-controller.log 2024-02-19T15:26:43.908Z|27300|stream_ssl|WARN|SSL_connect: error:14090086:SSL
Did some certificate expire? -derek On Mon, February 19, 2024 11:21 am, oscar.l...@toshibagcs.com wrote: > hi good day: > > im updated list time the ovirt certificate but a storage domain under > ovirt can' t start show, activating and after some minutes again show > "inactive" and under line command show this issues, could you help me to > resolve thanks > > # tail -f /var/log/openvswitch/ovn-controller.log > 2024-02-19T15:26:43.908Z|27300|stream_ssl|WARN|SSL_connect: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify > failed > 2024-02-19T15:26:51.918Z|27301|stream_ssl|WARN|SSL_connect: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify > failed > 2024-02-19T15:26:59.928Z|27302|stream_ssl|WARN|SSL_connect: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify > failed > 2024-02-19T15:27:07.938Z|27303|stream_ssl|WARN|SSL_connect: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify > failed > 2024-02-19T15:27:15.948Z|27304|stream_ssl|WARN|SSL_connect: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify > failed > 2024-02-19T15:27:23.958Z|27305|stream_ssl|WARN|SSL_connect: > error:14090086:SSL > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/CHEMHYZMVYSPNVUUOOM3KSCNAUA46XYA/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XOQUWJHP2QKMHMF7SGWIJCAINEF6NNFN/
[ovirt-users] Re: Certificates expired...
Did you restart vdsm after updating the certs? -derek On Fri, August 4, 2023 2:12 pm, Jason P. Thomas wrote: > I updated the VDSM certs on the hosts and the apache cert on the > engine. I'm guessing something is wrong with however the engine > interacts with vdsm, I just don't know exactly what to do about it. > > Jason > > On 8/4/23 14:00, Derek Atkins wrote: >> Sounds like the Host Certs need to be updated.. Or possibly even the >> Engine CA Cert. >> >> -derek >> >> On Fri, August 4, 2023 1:45 pm, Jason P. Thomas wrote: >>> Konstantin, >>> Right after I sent the email I got the engine running. The >>> libvirt-spice certs had incorrect ownership. It still is not >>> connecting >>> to anything. Error in Events on the Engine is now: "VDSM >>> command Get Host Capabilities failed: General SSLEngine >>> problem" >>> >>> So status right now is, all VMs are running. Engine web ui is >>> accessible. Engine shows all hosts as unassigned or Connecting or >>> NonResponsive with repeated entries of the above error in Events. >>> >>> Sincerely, >>> Jason >>> >>> On 8/4/23 13:08, konstantin.volenbovskyi--- via Users wrote: >>>>> Now the engine won't start at all and I'm afraid I'm one power outage >>>>> away from complete disaster. I need to keep the old location up and >>>>> functioning for another 4-6 months, so any insights would be greatly >>>>> appreciated. >>>> Hi, >>>> >>>> 'engine won't start at all' can mean two things: >>>> >>>> 1) OS can't boot and thus you can't do SSH. Assuming that we are >>>> talking >>>> self-hosted engine, then you need to use command like below on host >>>> that >>>> runs ovengine VM (virsh -c >>>> qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf list >>>> and hosted-engine --vm-status might be helpful, VM should at least >>>> start >>>> to boot in order for you to achieve connectivity via console): >>>> hosted-engine --add-console-password --password=somepassword >>>> and then connect via VNC to IP that you will see in output and >>>> password >>>> that you used >>>> >>>> 2) ovirt-engine service can't start >>>> In that case it is likely that you will find reason of that in >>>>journalctl -u ovirt-engine --no-pager >>>> (/var/log/ovirt-engine/engine.log) >>>> >>>> BR, >>>> Konstantin >>>> ___ >>>> Users mailing list -- users@ovirt.org >>>> To unsubscribe send an email to users-le...@ovirt.org >>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>> oVirt Code of Conduct: >>>> https://www.ovirt.org/community/about/community-guidelines/ >>>> List Archives: >>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PL4Q64G6IFUUW5TYVJWSMMIMXHBT3SSD/ >>> ___ >>> Users mailing list -- users@ovirt.org >>> To unsubscribe send an email to users-le...@ovirt.org >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/H3M4O4TN67NZZPVXGPTO6CEBFEM47LET/ >>> >> > > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DIQODHBIEPRP4BO7EABLM4ANFQ6SEADC/
[ovirt-users] Re: Certificates expired...
Sounds like the Host Certs need to be updated.. Or possibly even the Engine CA Cert. -derek On Fri, August 4, 2023 1:45 pm, Jason P. Thomas wrote: > Konstantin, > Right after I sent the email I got the engine running. The > libvirt-spice certs had incorrect ownership. It still is not connecting > to anything. Error in Events on the Engine is now: "VDSM > command Get Host Capabilities failed: General SSLEngine > problem" > > So status right now is, all VMs are running. Engine web ui is > accessible. Engine shows all hosts as unassigned or Connecting or > NonResponsive with repeated entries of the above error in Events. > > Sincerely, > Jason > > On 8/4/23 13:08, konstantin.volenbovskyi--- via Users wrote: >>> Now the engine won't start at all and I'm afraid I'm one power outage >>> away from complete disaster. I need to keep the old location up and >>> functioning for another 4-6 months, so any insights would be greatly >>> appreciated. >> Hi, >> >> 'engine won't start at all' can mean two things: >> >> 1) OS can't boot and thus you can't do SSH. Assuming that we are talking >> self-hosted engine, then you need to use command like below on host that >> runs ovengine VM (virsh -c >> qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf list >> and hosted-engine --vm-status might be helpful, VM should at least start >> to boot in order for you to achieve connectivity via console): >> hosted-engine --add-console-password --password=somepassword >> and then connect via VNC to IP that you will see in output and password >> that you used >> >> 2) ovirt-engine service can't start >> In that case it is likely that you will find reason of that in >> journalctl -u ovirt-engine --no-pager >> (/var/log/ovirt-engine/engine.log) >> >> BR, >> Konstantin >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PL4Q64G6IFUUW5TYVJWSMMIMXHBT3SSD/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/H3M4O4TN67NZZPVXGPTO6CEBFEM47LET/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5DGIFQYAZYOT77XHNYJZMBJ2TBG6W73V/
[ovirt-users] Re: Non responsive host (4.3.10)
Have you tried physically rebooting the host? Plug in a monitor and see what it says? -derek Sent using my mobile device. Please excuse any typos. On May 28, 2023 06:46:12 "Maria Souvalioti" wrote: Hello everyone! Due to a recent major power outage in my area I now have an unresponsive self hosted host in an environment of 3 self hosted hosts. There's one vm stuck on there as well as some metadata I guess from when hosted engine was running there (before the power went down). I'm running 4.3.10 ovirt node with 3 nodes and GlusterFS, no arbiter, and I'm using it to provide services to our clients i.e. DNS, web sites, wikis, ticketing etc. and I cannot shut them down. The ovirt engine is up and running and I can manage all the other VMs that run on the other hosts through the web gui. The unresponsive host replies only to ICMP requests; in every other sense it's dead, no ssh, no gluster bricks, no console, nothing. I tried to place the faulty host in maintenance, using the option to stop glusterd, but wasn't able to as the engine won't let the host go into maintenance mode because it thinks the host has running VMs on it. The host won't go into maintenance even if I chose the "Ignore gluster quorum and self-heal validations" option. I spent last week creating a backup environment were I copied the VMs, to have somewhere to run them in case something goes terribly wrong with the systems or the gluster in the production system. I'm thinking of using the global maintenance mode and then shutting down the engine itself with *hosted-engine --vm-shutdown* and rebooting the affected host. Should I remove the host from the cluster and then re-add it or should I do something else? Thanks for any of your help! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HWKO7GN3PB6X5WG4MZ67CEAY5FECQLIQ/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3ZYUTTPPS6AII4U6DEYW3IOLKPUQJRVG/
[ovirt-users] Re: VM Disk extend not reflected in VM oS
Hi, On Fri, February 25, 2022 9:10 am, si...@justconnect.ie wrote: > CentOS 7 - VirtIO_SCSI > Disk is pre-allocated and is the OS disk. Did you try rebooting? -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7CMYRNDPJ26ZBC4HQPX4NBRSXV4PAZEF/
[ovirt-users] Re: Gluster Performance issues
Have you verified that you're actually getting 10Gbps between the hosts? -derek On Wed, February 23, 2022 9:02 am, Alex Morrison wrote: > Hello Derek, > > We have a 10Gig connection dedicated to the storage network, nothing else > is on that switch. > > On Wed, Feb 23, 2022 at 9:49 AM Derek Atkins wrote: > >> Hi, >> >> Another question which I don't see answered: What is the underlying >> connectivity between the Gluster hosts? >> >> -derek >> >> On Wed, February 23, 2022 8:39 am, Alex Morrison wrote: >> > Hello Sunil, >> > >> > [root@ovirt1 ~]# gluster --version >> > glusterfs 8.6 >> > >> > same on all hosts >> > >> > On Wed, Feb 23, 2022 at 5:24 AM Sunil Kumar Heggodu Gopala Acharya < >> > shegg...@redhat.com> wrote: >> > >> >> Hi, >> >> >> >> Which version of gluster is in use? >> >> >> >> Regards, >> >> >> >> Sunil kumar Acharya >> >> >> >> Red Hat >> >> >> >> <https://www.redhat.com> >> >> >> >> T: +91-8067935170 >> >> <http://redhatemailsignature-marketing.itos.redhat.com/> >> >> >> >> <https://red.ht/sig> >> >> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> >> >> >> >> >> >> >> >> On Wed, Feb 23, 2022 at 2:17 PM Alex Morrison >> >> >> wrote: >> >> >> >>> Hello All, >> >>> >> >>> We have 3 servers with a raid 50 array each, we are having extreme >> >>> performance issues with our gluster, writes on gluster seem to take >> at >> >>> least 3 times longer than on the raid directly. Can this be >> improved? >> >>> I've >> >>> read through several other performance issues threads but have been >> >>> unable >> >>> to make any improvements >> >>> >> >>> "gluster volume info" and "gluster volume profile vmstore info" is >> >>> below >> >>> >> >>> >> >>> >> = >> >>> >> >>> -Inside Gluster - test took 35+ hours: >> >>> [root@ovirt1 1801ed24-5b55-4431-9813-496143367f66]# bonnie++ -d . -s >> >>> 600G -n 0 -m TEST -f -b -u root >> >>> Using uid:0, gid:0. >> >>> Writing intelligently...done >> >>> Rewriting...done >> >>> Reading intelligently...done >> >>> start 'em...done...done...done...done...done... >> >>> Version 1.98 --Sequential Output-- --Sequential >> Input- >> >>> --Random- >> >>> -Per Chr- --Block-- -Rewrite- -Per Chr- >> --Block-- >> >>> --Seeks-- >> >>> Name:Size etc/sec %CP /sec %CP /sec %CP /sec %CP /sec >> %CP >> >>> /sec %CP >> >>> TEST 600G 35.7m 17 5824k 7112m >> 13 >> >>> 182.7 6 >> >>> Latency5466ms 12754ms 3499ms >> >>> 1589ms >> >>> >> >>> >> >>> >> 1.98,1.98,TEST,1,1644359706,600G,,8192,5,,,36598,17,5824,7,,,114950,13,182.7,6,,,5466ms,12754ms,,3499ms,1589ms,, >> >>> >> >>> >> >>> >> = >> >>> >> >>> -Outside Gluster - test took 18 minutes: >> >>> [root@ovirt1 1801ed24-5b55-4431-9813-496143367f66]# bonnie++ -d . -s >> >>> 600G -n 0 -m TEST -f -b -u root >> >>> Using uid:0, gid:0. >> >>> Writing intelligently...done >> >>> Rewriting...done >> >>> Reading intelligently...done >> >>> start 'em...done...done...done...done...done... >> >>> Version 1.98 --Sequential Output-- --Sequential >> Input- >> >>> --Random- >> >>> -Per Chr- --Block-- -Rewrite- -Per Chr- >> --Block-- >> >>> --Seeks-- >> >>> Name:Size etc/sec %CP /sec %CP /sec %CP /sec %CP /sec >> %CP >> >>> /sec %CP >> >>> TEST
[ovirt-users] Re: Gluster Performance issues
262144b+ 524288b+ >>> 1048576b+ >>> No. of Reads:911 >>> 40269 >>> No. of Writes:520 >>> 50757 >>> >>> %-latency Avg-latency Min-Latency Max-Latency No. of calls >>> Fop >>> - --- --- --- >>> >>> 0.00 0.00 us 0.00 us 0.00 us 7629 >>> FORGET >>> 0.00 0.00 us 0.00 us 0.00 us 228577 >>> RELEASE >>> 0.00 0.00 us 0.00 us 0.00 us 41524 >>> RELEASEDIR >>> 0.00 374.22 us 219.35 us 574.87 us 96 >>> LINK >>> 0.001712.22 us 164.90 us 22337.79 us 41 >>> DISCARD >>> 0.002840.25 us 245.24 us 46839.63 us 26 >>> RMDIR >>> 0.003660.92 us 229.86 us 86252.56 us 35 >>> FALLOCATE >>> 0.00 876.48 us 297.53 us 16685.63 us188 >>> RENAME >>> 0.006660.10 us 379.21 us 52962.79 us 34 >>> MKDIR >>> 0.00 957.48 us 80.36 us 218059.88 us355 >>> REMOVEXATTR >>> 0.001234.85 us 76.50 us 322955.27 us355 >>> SETXATTR >>> 0.002326.62 us 84.07 us 250041.25 us196 >>> STAT >>> 0.009660.45 us 289.50 us 295106.01 us 87 >>> TRUNCATE >>> 0.00 486.10 us 24.12 us 869966.79 us 5260 >>>LK >>> 0.00 453.69 us 18.32 us 426653.18 us 8135 >>> READDIR >>> 0.001832.38 us 296.61 us 261299.81 us 5050 >>> CREATE >>> 0.00 386.77 us 1.31 us 1300836.12 us 41524 >>> OPENDIR >>> 0.00 712.06 us 29.85 us 1441115.02 us 34874 >>> READDIRP >>> 0.011469.51 us 231.67 us 440065.71 us 22845 >>> MKNOD >>> 0.01 44229.36 us 75.58 us 1803963.42 us871 >>> FTRUNCATE >>> 0.01 84433.20 us 149.47 us 3614869.24 us 1001 >>> SETATTR >>> 0.02 418.11 us 13.39 us 3515000.81 us 243820 >>> FLUSH >>> 0.031108.47 us 14.77 us 1658743.41 us 130647 >>> GETXATTR >>> 0.03 562.86 us 26.74 us 5043949.33 us 297799 >>> STATFS >>> 0.03 845.50 us 48.16 us 1998938.03 us 223680 >>> OPEN >>> 0.052236.13 us 56.08 us 5295998.22 us 120682 >>> XATTROP >>> 0.16 890.82 us 43.51 us 3653292.88 us1012585 >>> FSTAT >>> 0.342974.20 us 12.92 us 7782497.74 us 642555 >>> ENTRYLK >>> 0.47 135831.21 us 70.35 us 11033867.90 us 19800 >>> UNLINK >>> 0.57 954.05 us 21.50 us 4553393.38 us3414605 >>> LOOKUP >>> 1.79 14461.54 us 13.45 us 32841452.98 us 702915 >>> INODELK >>> 5.148014.78 us 40.70 us 5439109.56 us3644063 >>> READ >>> 5.37 443.04 us 11.53 us 32863652.53 us 68909131 >>> FINODELK >>> 22.311780.31 us 33.59 us 11318712.62 us 71235991 >>> FXATTROP >>> 22.831571.16 us 74.86 us 32615055.19 us 82622840 >>> WRITE >>> 40.842762.75 us 52.77 us 8859115.35 us 84039509 >>> FSYNC >>> 0.00 0.00 us 0.00 us 0.00 us 95492 >>> UPCALL >>> >>> Duration: 484169 seconds >>>Data Read: 167149718723 bytes >>> Data Written: 1177141649872 bytes >>> >>> Interval 43 Stats: >>>Block Size: 1b+ 256b+ >>> 512b+ >>> No. of Reads:0 6 >>> 4 >>> No. of Writes: 12 4 >>> 252 >>> >>>Block Size: 1024b+2048b+ >>> 4096b+ >>> No. of Reads:0 0 >>> 5668 >>> No. of Writes: 10034 >>> 147357 >>> >>>Block Size: 8192b+ 16384b+ >>> 32768b+ >>> No. of Reads: 1178 783 >>> 1215 >>> No. of Writes:86014 17318 >>> 8687 >>> >>>Block Size: 65536b+ 131072b+ >>> No. of Reads: 264 4109 >>> No. of Writes: 8617 36317 >>> %-latency Avg-latency Min-Latency Max-Latency No. of calls >>> Fop >>> - --- --- --- >>> >>> 0.00 0.00 us 0.00 us 0.00 us 16 >>> FORGET >>> 0.00 0.00 us 0.00 us 0.00 us665 >>> RELEASE >>> 0.00 0.00 us 0.00 us 0.00 us 52 >>> RELEASEDIR >>> 0.00 866.18 us 849.57 us 882.78 us 2 >>> TRUNCATE >>> 0.001016.14 us 868.35 us1182.48 us 4 >>> RENAME >>> 0.00 455.65 us 41.13 us1679.37 us 20 >>> READDIR >>> 0.00 373.33 us 173.54 us 538.40 us 28 >>> UNLINK >>> 0.00 722.01 us 635.91 us 853.71 us 16 >>> CREATE >>> 0.00 335.52 us 38.15 us1381.97 us 54 >>> READDIRP >>> 0.00 39218.92 us 214.34 us 78223.50 us 2 >>> STAT >>> 0.001730.77 us 2.59 us 84964.69 us 52 >>> OPENDIR >>> 0.001304.96 us 393.64 us 29724.09 us 80 >>> MKNOD >>> 0.01 422.75 us 22.85 us 134336.60 us635 >>> FLUSH >>> 0.01 699.21 us 37.54 us 137813.64 us732 >>> STATFS >>> 0.01 468.63 us 23.71 us 260961.83 us 1141 >>> ENTRYLK >>> 0.042041.83 us 69.80 us 163743.98 us649 >>> OPEN >>> 0.081253.65 us 72.52 us 290508.15 us 2354 >>> FSTAT >>> 0.096913.19 us 69.01 us 212479.24 us472 >>> XATTROP >>> 0.133558.26 us 32.70 us 195896.10 us 1317 >>> INODELK >>> 0.139793.37 us 36.11 us 212755.58 us499 >>> GETXATTR >>> 0.341615.15 us 55.42 us 711310.28 us 7797 >>> LOOKUP >>> 4.92 13025.92 us 59.83 us 1061585.06 us 13884 >>> READ >>> 5.26 955.95 us 16.81 us 1069148.49 us 202174 >>> FINODELK >>> 23.282809.44 us 137.21 us 1134076.13 us 304713 >>> WRITE >>> 26.464124.05 us 43.30 us 1142167.27 us 235954 >>> FXATTROP >>> 39.235195.62 us 65.47 us 1250469.35 us 277632 >>> FSYNC >>> 0.00 0.00 us 0.00 us 0.00 us365 >>> UPCALL >>> >>> Duration: 1132 seconds >>>Data Read: 668951066 bytes >>> Data Written: 7495356076 bytes >>> ___ >>> Users mailing list -- users@ovirt.org >>> To unsubscribe send an email to users-le...@ovirt.org >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/G3G5HNX3P2Z5E5KWH43KYWX7AP3H5JO7/ >>> >> > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/NKMZYE6EC3IVLFN7YHB3YFHQJIOT4SF2/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ADAGLM43M2ARUXQS727BHZZPVYJI2XMX/
[ovirt-users] Re: RHGS and RHV closing down: could you please put that on the home page?
Hmm. So if Gluster is being deprecated, what is it being replaced with? Also, Nir did ask if this also applies to ovirt -- would be interesting to see the response to that question. -derek On Fri, February 4, 2022 10:05 am, Thomas Hoberg wrote: > I just read this message: > https://bugzilla.redhat.com/show_bug.cgi?id=2016359 > > I am shocked but not surprised. And very, very sad. > > But I believe this decision needs to be communicated more prominently, as > people should not get aboard a project already axed. > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/RMWAAOUJXYPGWCEAHAESV6IHQWIF3CTI/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4EQM34RRASBQITSHFONIGQJAMVEZVPXQ/
[ovirt-users] Re: oVirt and log4j vulnerability
On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote: >> > If I understood correctly reading here: > https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell > > you are protected by the RCE if java is 1.8 and greater than 1.8.121 > (released on 2017) Do you mean 1.8.0.121? For example, my system has: java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64 -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/32PPOVQZRSIMCQMPVKZAKRZITIGGZ774/
[ovirt-users] Re: Help installing oVirt on single machine, without cockpit
HI, On Wed, December 8, 2021 1:16 am, cameronsplaze...@gmail.com wrote: > I'm trying to install both the oVirt engine (so I have the API), and > hypervisor on the same machine. I'm hoping I don't need cockpit, and I can > write some custom scripts to manage oVirt through the API. I tried a > couple ways, and both were blocked: > > # on CentOS 9 stream, installing oVirt engine: I presume you mean CentOS *8* stream?? > On a fresh CentOS install, tried following the directions > [here](https://www.ovirt.org/documentation/installing_ovirt_as_a_standalone_manager_with_local_databases/#Installing_RHEL_for_RHVM_SM_localDB_deploy). > They failed at step 3.2, when adding the modules (missing groups or > modules). Tried skipping it, but step 3.3.2 failed when running `dnf > install ovirt-engine`, package couldn't be found. The closest package I > see is `ovirt-hosted-engine-setup-2.5.4-1.el9.noarch`. Is that what I > want? These are the wrong instructions. This is how to set up the engine on its own machine; you need to set up the *host* with hosted-engine. Try looking at https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/index.html So following the correct instructions, you will eventually need to install the engine setup RPM and then run: hosted-engine --deploy That will set up the host with the hosted-engine VM. Then you'll need to get into that VM and set up the engine within the engine VM. > # On oVirt node, installing engine: > Couldn't get the networking working, even though I added it during the > install process. Also tried wired connection, and no luck. Blocked early > on, but read this was SUPER minimal anyway, so maybe this wasn't the right > path. ALWAYS USE WIRED NETWORKING for services. > I'm just trying to have a working API, along side the hypervisor to run > vm's, both on the same machine. I'm down to go a third way too, if anyone > has any ideas. Thanks! I'm not sure what you're trying to do here. If you just want API support, you could just script virtsh (over ssh if necessary). I wouldn't install ovirt just to get API support for VMs; it's way overkill for that. In my mind, the role of ovirt is to provide web-based access (management and console) to VMs for a team of distributed users without requiring shell access to the host system. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UDVILQY2T65MXHG4UW4B6B242L2LVZRQ/
[ovirt-users] Re: Change host IP on VM
When I did it, I set the SpiceProxyDefault Engine configuration option. (Use engine-config -s SpiceProxyDefault=http://public-ip:port) -derek On Tue, November 9, 2021 7:04 am, Staniforth, Paul wrote: > > Hello, >you could create a separate display network or install a spice > proxy. > > Regards, > > Paul S. > > From: sekevgeni...@gmail.com > Sent: 09 November 2021 11:43 > To: users@ovirt.org > Subject: [ovirt-users] Change host IP on VM > > Caution External Mail: Do not click any links or open any attachments > unless you trust the sender and know that the content is safe. > > Hi, can you please help me? > I deployed ovirt on an AWS instance, created a vm but during generation > .vv the file, an private IP is put in the host field instead of an public > one, which is why the remote-viewer does not connect to the vm. If I > change the host from an private IP to an public one, then everything > works. Where and how can I change this field ? > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fprivacy-policy.htmldata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=53XdLNrDyMGXsp3HVnRJOnUZp8VF9%2BKU32%2Bjv0pgJXQ%3Dreserved=0 > oVirt Code of Conduct: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=R8u2yemIxzxTwQnwmIs736kVnM9YrmX9INeWNUtj7lk%3Dreserved=0 > List Archives: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FGXH32TYV5UW34YGHXFMK7OEMPQY6UVSX%2Fdata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=qdQGLVTyFb5TSSdWSyeBdfFvO9hkQfccFEwPVJyjeFs%3Dreserved=0 > To view the terms under which this email is distributed, please go to:- > https://leedsbeckett.ac.uk/disclaimer/email > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/O6FI5TTDF7L6LR3NWERWPYXGATHKUYG7/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JTEPY52UNY4XFRYEWUYKXX52G3HREC5O/
[ovirt-users] Re: IPv6 Support
I have dual stack VMs in my deployment and it works fine. I suspect this is talking about the engine and host infrastructure. -derek Sent using my mobile device. Please excuse any typos. On June 27, 2021 6:47:59 AM David White via Users wrote: Hello, Reading https://www.ovirt.org/documentation/administration_guide/index.html#IPv6-networking-support-labels, I see this tidbit: Dual-stack addressing, IPv4 and IPv6, is not supported Switching clusters from IPv4 to IPv6 is not supported. If I'm understanding this correctly... does that mean I cannot run some VMs with IPv4, and other VMs with IPv6, in the same cluster? If so, that's incredibly disappointing and frustrating. Is Dual-stack addressing a possible feature request? IPv4 addresses are expensive... and I have a couple of customers who only needs IPv6, so would really prefer to avoid having to pay for IPv4 addresses for them. Sent with ProtonMail Secure Email. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FV227ZTU23ETBCXSPJITWHASFPECFW6U/
[ovirt-users] Re: Import to VMware
A quick google search yielded https://blog.ktz.me/migrate-qcow2-images-from-kvm-to-vmware/ -derek On Fri, May 21, 2021 10:34 am, Darin Schmidt wrote: > Correct, because in the xml it's saying the format is a link to a we > address that technically doesn't exist. > > So perhaps I just need to find a way to convert the disk to vmdk then > > On Fri, May 21, 2021, 10:22 AM Derek Atkins wrote: > >> HI, >> >> On Fri, May 21, 2021 9:57 am, Darin Schmidt wrote: >> > Ok then, could there be something wrong with my ova backup because the >> ovf >> > is only 19kb and the other "file" is 3.8G? When I try to untar the ovf >> it >> > says it doesn't look like a tar file. >> >> The 3.8G file is your disk image. The OVF file is XML. >> The error seems to be that vmware does not recognize the disk type. >> The xml being 19k doesn't seem wrong at all (although it does sound a >> little big). >> >> -derek >> >> > On Fri, May 21, 2021, 9:06 AM Vojtech Juranek >> wrote: >> > >> >> On Friday, 21 May 2021 13:50:15 CEST Darin Schmidt wrote: >> >> > I believe you are partially right? Originally it was an OVA file. I >> >> > uncompressed the file which gave me another file and the vm.ovf. >> The >> >> OVF >> >> > file appears to be only an xml file? Or are you saying I can also >> >> > uncompressed the ovf file as well like I did the OVA? >> >> >> >> yes, OVA is tar archive of OVF directory (see e.g. [1]) and OVF is >> again >> >> tar >> >> archive of one XML descriptor and VM disks, so you should be able to >> get >> >> the >> >> VM disk this way >> >> >> >> [1] https://fileinfo.com/extension/ova >> >> >> >> > >> >> > On Fri, May 21, 2021, 2:39 AM Vojtech Juranek >> >> wrote: >> >> > > On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote: >> >> > > > Hello, >> >> > > > >> >> > > > Ive exported an OVA of a server we had made on OVIRT and Im >> trying >> >> to >> >> > > >> >> > > import >> >> > > >> >> > > > it to VMware. Its complaining that the ovf:format is incorrect. >> >> > > > >> >> > > > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html; >> >> > > > >> >> > > > That link doesnt resolve to anywhere because it appears its now >> >> > > > http://people.gnome.org/~markmc/qcow-image-format.html >> >> > > > >> >> > > > But I dont know whats supposed to go there nor have I been able >> to >> >> > > > locate >> >> > > > anything to help solve this issue. All I really need is access >> to >> >> the >> >> > > >> >> > > files >> >> > > >> >> > > > in the, what I assume is, vdmk file that comes along with the >> ovf >> >> file, >> >> > > > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613 >> >> > > > >> >> > > > So if anything, is there a way to open this vm disk so I can >> gain >> >> access >> >> > > >> >> > > to >> >> > > >> >> > > > the files? >> >> > > >> >> > > OVF file is just a tar archive with disks and XML descriptor. So >> >> untar >> >> the >> >> > > OVF >> >> > > file should work. >> >> > > >> >> > > > Thanks >> >> > > > ___ >> >> > > > Users mailing list -- users@ovirt.org >> >> > > > To unsubscribe send an email to users-le...@ovirt.org >> >> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> >> > > > oVirt Code of Conduct: >> >> > > > https://www.ovirt.org/community/about/community-guidelines/ >> List >> >> > > >> >> > > Archives: >> >> > > >> >> > > >> >> >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX >> >> > > 4 >> >> > > >> >> > > > GBW6EXPGNOII3OGRYJF/ >> >> >> >> >> > ___ >> > Users mailing list -- users@ovirt.org >> > To unsubscribe send an email to users-le...@ovirt.org >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> > oVirt Code of Conduct: >> > https://www.ovirt.org/community/about/community-guidelines/ >> > List Archives: >> > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPGLXQNVYG33VQKH3KEIMTN2WDTXIHZ6/ >> > >> >> >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> >> > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U2WTDQ7UOBVTMQFIK5ZIKH32SPMNJNEX/
[ovirt-users] Re: Import to VMware
HI, On Fri, May 21, 2021 9:57 am, Darin Schmidt wrote: > Ok then, could there be something wrong with my ova backup because the ovf > is only 19kb and the other "file" is 3.8G? When I try to untar the ovf it > says it doesn't look like a tar file. The 3.8G file is your disk image. The OVF file is XML. The error seems to be that vmware does not recognize the disk type. The xml being 19k doesn't seem wrong at all (although it does sound a little big). -derek > On Fri, May 21, 2021, 9:06 AM Vojtech Juranek wrote: > >> On Friday, 21 May 2021 13:50:15 CEST Darin Schmidt wrote: >> > I believe you are partially right? Originally it was an OVA file. I >> > uncompressed the file which gave me another file and the vm.ovf. The >> OVF >> > file appears to be only an xml file? Or are you saying I can also >> > uncompressed the ovf file as well like I did the OVA? >> >> yes, OVA is tar archive of OVF directory (see e.g. [1]) and OVF is again >> tar >> archive of one XML descriptor and VM disks, so you should be able to get >> the >> VM disk this way >> >> [1] https://fileinfo.com/extension/ova >> >> > >> > On Fri, May 21, 2021, 2:39 AM Vojtech Juranek >> wrote: >> > > On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote: >> > > > Hello, >> > > > >> > > > Ive exported an OVA of a server we had made on OVIRT and Im trying >> to >> > > >> > > import >> > > >> > > > it to VMware. Its complaining that the ovf:format is incorrect. >> > > > >> > > > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html; >> > > > >> > > > That link doesnt resolve to anywhere because it appears its now >> > > > http://people.gnome.org/~markmc/qcow-image-format.html >> > > > >> > > > But I dont know whats supposed to go there nor have I been able to >> > > > locate >> > > > anything to help solve this issue. All I really need is access to >> the >> > > >> > > files >> > > >> > > > in the, what I assume is, vdmk file that comes along with the ovf >> file, >> > > > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613 >> > > > >> > > > So if anything, is there a way to open this vm disk so I can gain >> access >> > > >> > > to >> > > >> > > > the files? >> > > >> > > OVF file is just a tar archive with disks and XML descriptor. So >> untar >> the >> > > OVF >> > > file should work. >> > > >> > > > Thanks >> > > > ___ >> > > > Users mailing list -- users@ovirt.org >> > > > To unsubscribe send an email to users-le...@ovirt.org >> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> > > > oVirt Code of Conduct: >> > > > https://www.ovirt.org/community/about/community-guidelines/ List >> > > >> > > Archives: >> > > >> > > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX >> > > 4 >> > > >> > > > GBW6EXPGNOII3OGRYJF/ >> >> > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPGLXQNVYG33VQKH3KEIMTN2WDTXIHZ6/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TPA5P6MENWKO6GWO5E4K2KBGJ66TFNR6/
[ovirt-users] Re: Import to VMware
Does VMware accept the QCOW format? Don't you need to convert it to VMDK? -derek On Fri, May 21, 2021 7:50 am, Darin Schmidt wrote: > I believe you are partially right? Originally it was an OVA file. I > uncompressed the file which gave me another file and the vm.ovf. The OVF > file appears to be only an xml file? Or are you saying I can also > uncompressed the ovf file as well like I did the OVA? > > On Fri, May 21, 2021, 2:39 AM Vojtech Juranek wrote: > >> On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote: >> > Hello, >> > >> > Ive exported an OVA of a server we had made on OVIRT and Im trying to >> import >> > it to VMware. Its complaining that the ovf:format is incorrect. >> >> > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html; >> > >> > That link doesnt resolve to anywhere because it appears its now >> > http://people.gnome.org/~markmc/qcow-image-format.html >> >> > But I dont know whats supposed to go there nor have I been able to >> locate >> > anything to help solve this issue. All I really need is access to the >> files >> > in the, what I assume is, vdmk file that comes along with the ovf >> file, >> > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613 >> >> > So if anything, is there a way to open this vm disk so I can gain >> access >> to >> > the files? >> >> OVF file is just a tar archive with disks and XML descriptor. So untar >> the >> OVF >> file should work. >> >> > Thanks >> > ___ >> > Users mailing list -- users@ovirt.org >> > To unsubscribe send an email to users-le...@ovirt.org >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> > oVirt Code of Conduct: >> > https://www.ovirt.org/community/about/community-guidelines/ List >> Archives: >> > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX4 >> > GBW6EXPGNOII3OGRYJF/ >> >> > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/OOSIUVB2E655BBT4WL4GWST3FUCHGJ5E/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2ZVZJAEEWNETG57QUF5RVXOUYOQ2DU2Y/
[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)
HI, On Fri, May 7, 2021 2:55 am, Gianluca Cecchi wrote: > On Fri, May 7, 2021 at 2:39 AM Derek Atkins wrote: > [snip] > >> >> *THIS* truly answers my underlying question(s). I was concerned that >> the >> engine would be like the node, but this assures me it is not, it's just >> a >> "faster" way to build the engine VM, but it turns into (effectively) a >> standard CentOS+Engine VM post-install... Which SHOULD be good enough >> for >> what I want to do! (I have the engine running a few extra services, and >> wanted to make sure I could continue to do so). >> >> > OK. > But in the mid term the problem will impact you anyway. > What to do after 31/12/2021 with this system, as no new updates from > CentOS > repos? Umm, according to https://www.zdnet.com/article/red-hat-resets-centos-linux-and-users-are-angry/ which links back to https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates which claims CentOS 7 will retain support through 2024-06-30. I think your 2021-12-31 date refers to EL8, not EL7. > > I think in the next months it would be nice to have at least a CentOS --> > CentOS Stream migration path for the Hosted Engine VM or for an external > engine that are now based on CentOS There is no "stream" for EL7. > Or to confirm that the standard path described at > https://centos.org/centos-stream/ works also for CentOS systems where > oVirt > repos are configured and active and engine packages installed. > Currently it says: > dnf swap centos-linux-repos centos-stream-repos > dnf distro-sync > > Gianluca -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AUOVOBQJGKX5267DXKMZWHL6WYLW3A5M/
[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)
Didi, [snip] Thank you for all the details (which I cut from the reply). It's all useful information, and as you noticed, I've not had to install the engine in a while. Moreover > And, BTW, the appliance is not like ovirt-node - once you install it, it's > just a plain normal CentOS machine - you upgrade stuff using 'dnf update' > and 'engine-setup', etc. *THIS* truly answers my underlying question(s). I was concerned that the engine would be like the node, but this assures me it is not, it's just a "faster" way to build the engine VM, but it turns into (effectively) a standard CentOS+Engine VM post-install... Which SHOULD be good enough for what I want to do! (I have the engine running a few extra services, and wanted to make sure I could continue to do so). FWIW, I have a few extra services running on my host, too, but I think I would change that if I ever added additional hardware (currently running single-host). Thank you again for humoring me and answering my questions, even the ones I didn't explicitly ask! > Best regards, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RZU5ZILC3LDLSIF7VLM3XPN77UDCN33K/
[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)
Hi, On Wed, May 5, 2021 9:24 am, Yedidyah Bar David wrote: > On Wed, May 5, 2021 at 4:20 PM Derek Atkins wrote: >> >> Hi, >> >> On Wed, May 5, 2021 1:40 am, Yedidyah Bar David wrote: >> > >> >> And how about engine storage domain? I have a new NFS mount ready but >> it >> >> did not ask me about which storage domain to use. Will it ask in >> later >> >> stage? >> > >> > Yes, storage is handled (also asked about) in a later stage, after the >> > engine is up and the host added to it.. This is a change from <= 4.2, >> > and was done so that we can use the engine (and vdsm) for this, >> > instead of duplicating their functionality in the deploy code. >> >> Color me confused... How does this work? > > Please review: > https://www.ovirt.org/images/Hosted-Engine-4.3-deep-dive.pdf Thanks. However nowhere in those slides does it talk about when one would install the Engine VM base OS. So my questions (quoted below) still apply. >> If I'm installing CentOS and then the Engine into the Hosted-Engine VM, >> don't I need a storage domain for that OS defined in order for me to >> install the OS into the VM? This sounds like a bootstrapping problem? >> >> Or do I install into some temporary storage and then once the Engine + >> VDSM are up and running I can assign the permanent storage and it will >> save/copy the temporary storage over to the permanent storage? But in >> the latter case, that would imply the ability to move the hosted-engine >> storage domain from one place to another? >> >> Or does 4.4 remove the ability to install the hosted-engine into a >> CentOS >> OS and instead one must always use a Hosted Engine appliance? >> >> NB: I installed back at 4.0 and have been upgrading ever since, so I've >> never had to re-install the engine from scratch; I know I will need to >> do >> that if I ever decide to upgrade from 4.3.10 to 4.4 (which, frankly, I >> am >> not looking forward to doing any time soon). >> >> > Good luck and best regards, > -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HXIWJQQ4KBPEE5JZ4O54DG3J6OQEIWG4/
[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)
Hi, On Wed, May 5, 2021 1:40 am, Yedidyah Bar David wrote: > >> And how about engine storage domain? I have a new NFS mount ready but it >> did not ask me about which storage domain to use. Will it ask in later >> stage? > > Yes, storage is handled (also asked about) in a later stage, after the > engine is up and the host added to it.. This is a change from <= 4.2, > and was done so that we can use the engine (and vdsm) for this, > instead of duplicating their functionality in the deploy code. Color me confused... How does this work? If I'm installing CentOS and then the Engine into the Hosted-Engine VM, don't I need a storage domain for that OS defined in order for me to install the OS into the VM? This sounds like a bootstrapping problem? Or do I install into some temporary storage and then once the Engine + VDSM are up and running I can assign the permanent storage and it will save/copy the temporary storage over to the permanent storage? But in the latter case, that would imply the ability to move the hosted-engine storage domain from one place to another? Or does 4.4 remove the ability to install the hosted-engine into a CentOS OS and instead one must always use a Hosted Engine appliance? NB: I installed back at 4.0 and have been upgrading ever since, so I've never had to re-install the engine from scratch; I know I will need to do that if I ever decide to upgrade from 4.3.10 to 4.4 (which, frankly, I am not looking forward to doing any time soon). > Good luck and best regards, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/I4OTGXBR3NH236F7LJJ4FBO4MC5SJ3D3/
[ovirt-users] Re: OvirtEngine Fails (any ideas?)
I'm sure more knowledgeable people will reply, but from me: what does "systemctl status -l ovirt-imageio" give you? It should give a bit more log data about the failure. Is there any log data about the startup? Anything in /var/log/ovirt-imageio-daemon/daemon.log? Anything happen if you try to start it manually? -derek On Mon, March 15, 2021 12:56 pm, Jason Alexander Hazen Valliant-Saunders wrote: > Failed to start oVirt ImageIO Daemon. > CODE_FILE ../src/core/job.c > CODE_FUNC job_log_done_status_message > CODE_LINE 933 > INVOCATION_ID 4c19d99e2caf48a39b4d3c79b290c214 > JOB_RESULT failed > JOB_TYPE start > MESSAGE_ID be02cf6855d2428ba40df7e9d022f03d > PRIORITY 3 > SYSLOG_FACILITY 3 > SYSLOG_IDENTIFIER systemd > UNIT ovirt-imageio.service > _BOOT_ID 4bd6b8dcfcc04655bb96228bbc07e371 > _CAP_EFFECTIVE 3f > _CMDLINE /usr/lib/systemd/systemd --switched-root --system --deserialize > 17 > _COMM systemd > _EXE /usr/lib/systemd/systemd > _GID 0 > _HOSTNAME ovirt1.altignus.com > _MACHINE_ID 0d2ee365ebc64b03982bae07fe190e25 > _PID 1 > _SELINUX_CONTEXT system_u:system_r:init_t:s0 > _SOURCE_REALTIME_TIMESTAMP 1615827351504037 > _SYSTEMD_CGROUP /init.scope > _SYSTEMD_SLICE -.slice > _SYSTEMD_UNIT init.scope > _TRANSPORT journal > _UID 0 > __CURSOR > s=896394b4edaf41349024e42366d9e760;i=3393;b=4bd6b8dcfcc04655bb96228bbc07e371;m=30ad6a7e;t=5bd961f4e04b9;x=b3fe6e1de39c7ab8 > __MONOTONIC_TIMESTAMP 816671358 > __REALTIME_TIMESTAMP 1615827351504057 > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/DNB73ZMUB5DIMV7UK74MTFYTE7SGZ5J7/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HX4TCAOLFIDKVCVPSXMH2CHBU6JLNX3Z/
[ovirt-users] Re: move ovirt 4.3.9 to RHEL 8
Ummm.. I realize it's been a while but aren't you supposed to install ovirt-engine-setup and not ovirt-engine? -derek Sent using my mobile device. Please excuse any typos. On January 29, 2021 8:29:00 PM Paul Dyer wrote: thanks Gianluca for the well thought out response. I started over and tried to install RHEL 8 with ovirt 4.4. I ran into a few problems, which may be related. First was that the module javapackages-tools could not be found. # yum module enable javapackages-tools Updating Subscription Management repositories. Last metadata expiration check: 0:17:45 ago on Fri 29 Jan 2021 07:02:20 PM CST. Error: Problems in request: missing groups or modules: javapackages-tools Then, the install of ovirt-engine relies on apache-commons-compress, but no version could pass module filtering. [root@r8-bacchus yum.repos.d]# yum install ovirt-engine Updating Subscription Management repositories. Last metadata expiration check: 0:12:16 ago on Fri 29 Jan 2021 07:02:20 PM CST. Error: Problem: package ovirt-engine-4.4.4.7-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - cannot install the best candidate for the job - package apache-commons-compress-1.20-1.module+el8.2.1+6727+059d025f.noarch is filtered out by modular filtering - package apache-commons-compress-1.20-3.module+el8.2.1+7436+4afdca1f.noarch is filtered out by modular filtering (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) [root@r8-bacchus yum.repos.d]# yum install ovirt-engine --nobest Updating Subscription Management repositories. Last metadata expiration check: 0:14:26 ago on Fri 29 Jan 2021 07:02:20 PM CST. Error: Problem: conflicting requests - package ovirt-engine-4.4.0.3-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.1-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.10-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.2-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.3-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.4-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.5-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.6-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.7-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.1.8-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.2.6-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.10-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.11-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.12-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.3-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.4-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.5-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.6-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.7-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.8-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.3.9-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.4-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.4.1-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.4.2-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.4.3-1.el8.noarch requires apache-commons-compress, but none of the providers can be installed - package ovirt-engine-4.4.4.4-1.el8.noarch requires
[ovirt-users] Geographically-distrbuted Ovirt Cluster?
Hi, Right now I run a 1-server hyperconverged hosted-engine deployment. Other than requiring systemwide downtime to perform host maintenance, it has worked fairly well for me over the past few years. However, after a couple power and upstream-network outages, there have been questions about the ability to "distribute the load", so to speak. Considering what our workload is (main git repo, wiki, email list + archives, etc), it can't easily be distributed by a periodic resync and DNS round robin like a static web site. To solve this distribution problem I was wondering if there might be some way to deploy a handful of physical servers in different geographic locations that work together to create an HE environment for guest VMs? My initial fear would be that it would require dedicated 1Gb (or higher) between the sites to move data? Let's say we do NOT have that level of connectivity. I saw something about geographic replication in Gluster? But that would seem to be more about replicating a local cluster to a remote cluster? I suspect the answer is: no, a cluster must all be physically co-located. But I figured I would ask the experts. Thanks all for your insights. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GRWSTAQ7O63KLLJMS54465INSXGBUMO6/
[ovirt-users] Re: Gluster Hyperconverged fails with single disk partitioned
Ovirt is expecting an LVM volume, not a raw partition. -derek Sent using my mobile device. Please excuse any typos. On January 20, 2021 7:13:45 PM Shantur Rathore wrote: Hi, I am trying to setup a single host Self-Hosted hyperconverged setup with GlusterFS. I have a custom partitioning where I provide 100G for oVirt and its partitions and rest 800G to a physical partition (/dev/sda4). When I try to create gluster deployment with the wizard, it fails TASK [gluster.infra/roles/backend_setup : Create volume groups] failed: [ovirt-macpro-16.lab.ced.bskyb.com] (item={'key': 'gluster_vg_sda4', 'value': [{'vgname': 'gluster_vg_sda4', 'pvname': '/dev/sda4'}]}) => {"ansible_loop_var": "item", "changed": false, "err": " Device /dev/sda4 excluded by a filter.\n", "item": {"key": "gluster_vg_sda4", "value": [{"pvname": "/dev/sda4", "vgname": "gluster_vg_sda4"}]}, "msg": "Creating physical volume '/dev/sda4' failed", "rc": 5} I checked and /etc/lvm/lvm.conf filter doesn't allow /dev/sda4. It only allows PV for onn VG. Once I manually allow /dev/sda4 to lvm filter, it works fine and gluster deployment completes. Fdisk : # fdisk -l /dev/sda Disk /dev/sda: 931.9 GiB, 100081440 bytes, 1954210120 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disklabel type: gpt Disk identifier: FE209000-85B5-489A-8A86-4CF0C91B2E7D Device StartEndSectors Size Type /dev/sda1 204812308471228800 600M EFI System /dev/sda2123084833279992097152 1G Linux filesystem /dev/sda33328000 213043199 209715200 100G Linux LVM /dev/sda4 213043200 1954209791 1741166592 830.3G Linux filesystem LVS # lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert home onn Vwi-aotz-- 10.00g pool0 0.11 ovirt-node-ng-4.4.4-0.20201221.0 onn Vwi---tz-k 10.00g pool0 root ovirt-node-ng-4.4.4-0.20201221.0+1 onn Vwi-aotz-- 10.00g pool0 ovirt-node-ng-4.4.4-0.20201221.0 25.26 pool0 onn twi-aotz-- 95.89g 2.95 14.39 root onn Vri---tz-k 10.00g pool0 swap onn -wi-ao 4.00g tmponn Vwi-aotz-- 10.00g pool0 0.12 varonn Vwi-aotz-- 20.00g pool0 0.92 var_crash onn Vwi-aotz-- 10.00g pool0 0.11 var_logonn Vwi-aotz-- 10.00g pool0 0.13 var_log_audit onn Vwi-aotz-- 4.00g pool0 0.27 # grep filter /etc/lvm/lvm.conf filter = ["a|^/dev/disk/by-id/lvm-pv-uuid-QrvErF-eaS9-PxbI-wCBV-3OxJ-V600-NG7raZ$|", "r|.*|"] Am I doing something which oVirt isn't expecting? Is there anyway to provide tell gluster deployment to add it to lvm config. Thanks, Shantur ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP7BQWG3O7IFRLU4W6ZNV4J6PHR4DUZF/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NJY2DTWIAE6COJ4CXCRLEEL4WH452MK2/
[ovirt-users] Re: CentOS 8 is dead
Hmm. I appear to be having Slack issues. Even though I am logged into my slack and have it running, when I click this link I get a "sign in to your workspace" -- and I can't get to this channel. Maybe it's not public and is limited somehow? Or maybe Slack doesn't like me? -derek On Tue, December 8, 2020 4:21 pm, Strahil Nikolov wrote: > Actually, > > you are not the only one thinking about it. > You can check a lot of users (including me) are joining the following > slack channel: https://app.slack.com/client/T0YKGK200/D01H5BZ85LG > > Best Regards, > Strahil Nikolov > > В 16:01 -0500 на 08.12.2020 (вт), Derek Atkins написа: >> On Tue, December 8, 2020 3:49 pm, Christopher Cox wrote: >> > On 12/8/20 2:20 PM, Michael Watters wrote: >> > > This was one of my fears regarding the IBM acquisition. I guess >> > > we >> > > can't complain too much, it's not like anybody *pays* for >> > > CentOS. :) >> > >> > Yes, but this greatly limits oVirt use to temporal dev labs only. >> > >> > Maybe oVirt should look into what it would take to one of the long >> > term >> > Devian >> > based distros >> >> So... stupid question, but... What would it take for a group of >> interested individuals to "take over" the current CentOS-as-RHEL- >> rebuild >> processes currently in place? I honestly have no idea how much >> person-hour effort it it is to maintain CentOS, or what other >> resources >> (build machines / infrastructure) are required? >> >> > ...snippity >> >> -derek >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IVROYZSBEM3GSWGON452YKOF7U5HXNTY/ > > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYOQ4DA4BE2VVR2W22ERF7BAH6UWB5EY/
[ovirt-users] Re: CentOS 8 is dead
On Tue, December 8, 2020 3:49 pm, Christopher Cox wrote: > On 12/8/20 2:20 PM, Michael Watters wrote: >> This was one of my fears regarding the IBM acquisition. I guess we >> can't complain too much, it's not like anybody *pays* for CentOS. :) > > Yes, but this greatly limits oVirt use to temporal dev labs only. > > Maybe oVirt should look into what it would take to one of the long term > Devian > based distros So... stupid question, but... What would it take for a group of interested individuals to "take over" the current CentOS-as-RHEL-rebuild processes currently in place? I honestly have no idea how much person-hour effort it it is to maintain CentOS, or what other resources (build machines / infrastructure) are required? > ...snippity -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IVROYZSBEM3GSWGON452YKOF7U5HXNTY/
[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh
On Tue, December 8, 2020 10:17 am, Yedidyah Bar David wrote: > On Tue, Dec 8, 2020 at 5:09 PM Derek Atkins wrote: >> [snip] >> Is there any chance this could be added to the --help output? >> An actual example would have been very useful. > > Frankly, I'd prefer people (like you) that need to use these > utilities manually, to search the net if they have problems, > than spending hours debating about how long --help should be, > what should be included in it and what not, what link we might > provide for further reference (and please note that I didn't > include such a link in my original reply - simply because I > failed to find one that seemed "most suitable"), etc. That said, > patches are welcome! If you think you can improve the current > text in a conflict-free way, which everyone will agree to, please > go ahead and push a patch! :-) I'll take a look at doing that. I did google some before asking here, but there were very few hits for usage of pki-enroll-request.sh -- although I admit I did not try many different search terms. Most of the results were not ovirt related nor related to this script at all. > BTW: What I personally do, is to search the code and/or relevant > logs to see what other tools (the engine, engine-setup, in this > case) do, as "reference examples". That presumes having ready access to (in this case) ovirt sources -- which you obviously do but I do not. As a user, I don't feel I should need to go refer to the sources to determine how a utility program should be properly used. IMHO that's what documentation is used for. However I will keep that in mind for my next issue ;) But I do understand your PoV -- for GnuCash I often reference the sources when answering people's questions. However that's a case where I am (or was) one of the developers so I do have the sources handy. :) Thanks again. I am all set now! -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AK42QT53KEZ4BXSCXX6K4VXDVRBRGN3R/
[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh
Hi Didi, On Tue, December 8, 2020 10:03 am, Yedidyah Bar David wrote: > On Tue, Dec 8, 2020 at 4:25 PM Derek Atkins wrote: >> >> Hi, >> >> I'm running a single-host, hosted-engine Ovirt deployment, version >> 4.3.10 >> (upgraded from 4.0->4.1->4.2) and it's complaining that my host cert >> does >> not have a SubjectAltName. >> >> If I try to use pki-enroll-request.sh to rebuild the host cert and >> follow >> the instructions to add a --san, I get an error: >> >> /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me >> --san=host.na.me > > Please try with '--san=DNS:host.na.me'. AHA, thank you... Thank worked. >> Using configuration from openssl.conf >> Check that the request matches the signature >> Signature ok >> The Subject's Distinguished Name is as follows >> organizationName :PRINTABLE:'My Org Name' >> commonName:PRINTABLE:'host.na.me' >> ERROR: adding extensions in section v3_ca_san >> 139875647600528:error:2207507C:X509 V3 >> routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531: >> 139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error >> in >> extension:v3_conf.c:95:name=subjectAltName, value=host.na.me >> Cannot sign certificate >> >> Am I using this script incorrectly? > > You are using it well. --san argument is passed as-is to openssl's > 'subjectAltName', which requires a prefix to tell its type. Search the > net for 'openssl subjectAltName' for other examples. Is there any chance this could be added to the --help output? An actual example would have been very useful. Thanks again! > Best regards, > -- > Didi -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UU4NAMQXEGUDLYG2WJJILTJZ3QRYVCRA/
[ovirt-users] [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi, On Mon, December 7, 2020 4:02 pm, Derek Atkins wrote: > Hi Michal, > > On Mon, December 7, 2020 11:43 am, Michal Skrivanek wrote: >> [snip] > And for the record, after putting the new certificates into place by > hand, > just restarting a VM was sufficient to get Spice to pull in the new > cert(s). So, technically, it LOOKS like I don't have to reboot the whole > system (although I plan to do that tonight) -- I could just shutdown and > re-run each VM. > >> HTH, >> michal > > Thank you for all your support and everything you do for this project, > Michal. We very much appreciate it! For the record, I rebooted the host last night and once everything came back, the new certs were all in place and everything was happy Except for the fact that my host cert does not have a SAN (SubjectAltName) so the engine is *still* complaining about it. See my other email about that. FYI, here are the commands I used to refresh everything (modulo restarting everything): set my_date="$(date +"%Y%m%d%H%M%S")" ## On the ENGINE, rebuild the CA Cert: cp -p /etc/pki/ovirt-engine/private/ca.pem /etc/pki/ovirt-engine/private/ca.pem.$my_date cp -p /etc/pki/ovirt-engine/ca.pem{,.$my_date} openssl x509 -signkey /etc/pki/ovirt-engine/private/ca.pem -in /etc/pki/ovirt-engine/ca.pem -out /etc/pki/ovirt-engine/ca.pem.new -days 3650 -sha256 openssl x509 -in /etc/pki/ovirt-engine/ca.pem.new -text > /etc/pki/ovirt-engine/ca.pem.new.full mv /etc/pki/ovirt-engine/ca.pem.new.full /etc/pki/ovirt-engine/ca.pem mv /etc/pki/ovirt-engine/certs/ca.der{,.$my_date} cp -p /etc/pki/ovirt-engine/ca.pem.new /etc/pki/ovirt-engine/certs/ca.der # On ovirt host, create a CSR: # openssl x509 -x509toreq -in /etc/pki/libvirt/clientcert.pem -out /tmp/HOST.csr -signkey /etc/pki/libvirt/private/clientkey.pem mv /etc/pki/ovirt-engine/certs/host.na.me.cer{,.$my_date} mv /etc/pki/ovirt-engine/requests/host.na.me.req{,.$my_date} # copy new CSR into place on the engine: #/etc/pki/ovirt-engine/requests/host.na.me.req # and sign it: /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me # NB -- adding --san results in an error: --san=host.na.me # copy new Host cert from /etc/pki/ovirt-engine/certs/host.na.me.cer #to host:new_cert # and copy CA cert to host:cacert.pem # ON OVIRT Host: mv /etc/pki/libvirt/clientcert.pem{,.$my_date} mv /etc/pki/vdsm/certs/vdsmcert.pem{,.$my_date} mv /etc/pki/vdsm/libvirt-spice/server-cert.pem{,.$my_date} cp -p new_cert /etc/pki/libvirt/clientcert.pem cp -p new_cert /etc/pki/vdsm/certs/vdsmcert.pem cp -p new_cert /etc/pki/vdsm/libvirt-spice/server-cert.pem chown root:kvm /etc/pki/libvirt/clientcert.pem /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-spice/server-cert.pem # # Copy new CA cert into place on Host: mv /etc/pki/CA/cacert.pem{,$my_date} cp -p cacert.pem /etc/pki/CA/cacert.pem chgrp kvm /etc/pki/CA/cacert.pem mv /etc/pki/vdsm/certs/cacert.pem{,.$my_date} mv /etc/pki/vdsm/libvirt-spice/ca-cert.pem{,.$my_date} mv /etc/pki/ovirt-engine/ca.pem{,.$my_date} cp -p /etc/pki/CA/cacert.pem /etc/pki/vdsm/certs/cacert.pem cp -p /etc/pki/CA/cacert.pem /etc/pki/vdsm/libvirt-spice/ca-cert.pem cp -p /etc/pki/CA/cacert.pem /etc/pki/ovirt-engine/ca.pem At this point I shut down all VMs, rebooted the host, and restarted all the VMs and everything came back happy (except for the lack of the SubjectAltName). Also note that you will need to remove the trusted cert from your browser(s) and re-add the new CA cert -- otherwise you will get a browser error complaining about the change in certificate from the same Issuer and with the same Serial#. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XJ6CE262KXWE3X5CGX55YXYCUFFVYRM6/
[ovirt-users] Error creating host certificate with SubjectAltName with -ki-enroll-request.sh
Hi, I'm running a single-host, hosted-engine Ovirt deployment, version 4.3.10 (upgraded from 4.0->4.1->4.2) and it's complaining that my host cert does not have a SubjectAltName. If I try to use pki-enroll-request.sh to rebuild the host cert and follow the instructions to add a --san, I get an error: /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me --san=host.na.me Using configuration from openssl.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows organizationName :PRINTABLE:'My Org Name' commonName:PRINTABLE:'host.na.me' ERROR: adding extensions in section v3_ca_san 139875647600528:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531: 139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=host.na.me Cannot sign certificate Am I using this script incorrectly? Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JRNYDRPFACRQK6FU3YN6XMJ276N3HJYQ/
[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi Michal, On Mon, December 7, 2020 11:43 am, Michal Skrivanek wrote: > > >> On 7 Dec 2020, at 15:35, Gianluca Cecchi >> wrote: >> >> On Mon, Dec 7, 2020 at 2:22 PM Derek Atkins > <mailto:de...@ihtfp.com>> wrote: >> [snip] >> >> The main advantages of ovirt over virt-manager is the access-control and >> remote-access capabilities. Specifically, I have several users which >> have >> different access to different VMs and their consoles. Without providing >> ssh access to the host, I wasn't sure how to provide that access in a >> clean way via virt-manager. [snip] >> +1 here. >> And I think developers should put more attention in single host >> environments than lastly done. > > well, the truth is it is a corner case. I’m not saying it shouldn’t work > but as Didi said a single host management was never the main goal. We’ve > built oVirt around shared storage and DC scalability, that it sort of > happens to work with single host is….nice, but it’s really not that > typical. There are better options for desktop-like virtualization in OSS > world, there’s virt-manager, there’s VM management in cockpit UI, > gnome-boxes. As of several years ago, I don't think any of these options worked with multiple, distributed (remote) users with different capabilities on the same VM Host. Has that changed? >> Derek explained very well what could be many common situations to have a >> single host environment and the reason not to use virt-manager and such. >> At time there was the all-in-one and then it was deprecated/abandoned in >> favour of single host deployment. > > yes. but it was never meant to be a real thing in a first place, it was > created just for demo purposes so it can run on a single laptop. > >> Now due to perhaps ansible playbook or new logic in host upgrades it >> seems to see more and more messages about single host not supported. > > it’s not intentional, just not tested enough so it keeps breaking. we > really can’t test every use case in automation. I think there are enough users who want this configuration (or, gasp, are actually using this configuration) that it might warrant a little more testing. Yes, we understand that there will be times that we need to shut down VMs and reboot the system, and those times can be scheduled (like I've done). However, that WOULD require a little more support, to at least have a recipe that works on a single-host hosted-engine solution. For host cert renewal, that recipe didn't really exist. [snip] > I don’t think it would take too much attention, TBH. We’re still dealing > with 4.4 and el8 complications (it’s still fairly early since GA of a > major release) Of course. (Personally, I think it should have been called 5.0 instead of 4.4, as it requires a full re-install to migrate from 4.3). > What would make sense, I think, is to identify the actual > issues/complications and do them differently, like indeed a special local > playbooks or whatnot, or “special” hacks. And then document on oVirt wiki. > But otherwise I do not really see them supportable - the amount of work to > e.g. re-enroll certs on a running host is just too much to do properly, > and everyone has a different level of “risk” they accept. Exactly. Some tested playbook recipes that allows a single-host hosted-engine deployment to perform these operations is really what I'm asking for. Yes, I know it will require rebooting. But reboot is much less risky that re-install! And for the record, after putting the new certificates into place by hand, just restarting a VM was sufficient to get Spice to pull in the new cert(s). So, technically, it LOOKS like I don't have to reboot the whole system (although I plan to do that tonight) -- I could just shutdown and re-run each VM. > HTH, > michal Thank you for all your support and everything you do for this project, Michal. We very much appreciate it! -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4NVDF5RRX54H5ZP57VIBP4ULECNQF4FJ/
[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi Didi, Sorry for the multiple emails yesterday. I'm going to respond to all of your responses in this one. On Mon, December 7, 2020 3:31 am, Yedidyah Bar David wrote: > On Sun, Dec 6, 2020 at 8:14 PM Derek Atkins wrote: >> >> Hi again, >> >> I also noticed that ca.pem was not updated -- it's still using Sha1. > > You are right - we didn't make engine-setup recreate existing certs > for this - "Renew" deals with other stuff [1]. We only change the > default for new ones [2], and wrote a procedure [3][4] for doing this > manually. At the time, this wasn't mandatory - browsers didn't reject > sha1. Perhaps now it should be. I should point out that it's not the browsers that are rejecting SHA1, but it is remote-viewer that is. My Fedora-33 firefox connected to my Sha1-using Ovirt HTTPS just fine, without any complaints. Granted, as I note later, these certs were already imported and accepted in firefox years ago, so that could be why there was not complaints. However, the console.vv file sent to remote-viewer includes the CA cert -- but I'm not sure if it's complaining about that or the host cert that gets sent during the connection; I can't tell from the output. I know it's the CA cert that's sent in the .vv file, but I'm not 100% sure which particular source is being used, and I'm not sure which cert is considered "bad" by the viewer. [snip] >> I don't know if this will be an issue with remote-viewer if I wind up >> refreshing the host cert? > > As I said, at the time it didn't seem to be mandatory, and docs seemed > to be enough. If you feel otherwise, please open a bug. I already refreshed the CA cert, so unfortunately I wont be able to test this for sure. I know that refreshing the CA cert on the engine alone is not sufficient -- the console.vv file still has the old one, even after an engine restart. > I think there is a difference, or at least there was, between what > browsers > did/do with https certs, and what they did with CA certs. Probably true, but firefox was not complaining with the Sha1 certs. > If you had a CA cert already accepted/imported/trusted by the browser, > and then you entered a site with a cert signed by this CA, but with a > SHA1 signature, this was one separate case. Browsers started warning/ > rejecting them earlier. I think I had already accepted the site cert which is probably why it wasn't complaining about it being SHA1. > If you have a CA cert with a SHA1 signature, and want to import that to > a browser, that's another case. I didn't test recently (or much over time, > other than working on these bugs) with recent browsers, but I think it > took longer until they rejected (if indeed they do - not sure all of them > do). Indeed. I already had both the SHA1 CA cert and the SHA1 host cert accepted in my Firefox trust before I upgraded, so perhaps that's why I didn't see any issues in F33. I removed both and re-imported the (new) CA cert. >> One more question: >> >> Can you verify that etc/pki/libvirt/clientcert.pem, >> etc/pki/vdsm/certs/vdsmcert.pem, and >> etc/pki/vdsm/libvirt-spice/server-cert.pem are all supposed to be same >> certificate (on the host)? By a quick find | grep all three of these >> files appear to be the .cer certificate file? > > Yes, and also vdsm/libvirt-vnc/server-cert.pem . I don't see this directly in /etc/pki on the host? All I see is: # ls -l /etc/pki/vdsm/ total 8 drwxr-xr-x. 2 vdsm kvm 4096 Dec 6 17:16 certs drwxr-xr-x. 2 vdsm kvm 80 Jun 7 2020 keys drwxr-xr-x. 2 vdsm kvm 4096 Dec 6 17:18 libvirt-spice And /etc/pki/vdsm does not exist on the engine. Indeed: # find /etc/pki -name server-cert.pem /etc/pki/vdsm/libvirt-spice/server-cert.pem >> Does it matter that ca.der didn't change? I don't know if that is a >> self-signed cert that might be problematic? > > ca.der is not used by anything, you can ignore it. The private key of > the CA is in /etc/pki/ovirt-engine/private/ca.pem, and the public key > is in /etc/pki/ovirt-engine/ca.pem. That's what all tools use. Actually, I verified that ca.der *IS* used -- that's what gets sent out if you access http://your-manager-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA -- so I had to update that in order to make the new cert available. > Generally speaking, the project considers the "standard" use case to be a > setup of at least two hosts, and at least one host "extra" (in terms of > capacity), so that if a host fails, you can still keep everything up. In > that regard, a single-host setup is considered a kind of "corner case", > meant mainly for testing/development, not production. Is there such a big > advantage in using oVirt for a single host, compared to virt-manager? The main advantages
[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi again, I also noticed that ca.pem was not updated -- it's still using Sha1. I don't know if this will be an issue with remote-viewer if I wind up refreshing the host cert? -derek On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote: > On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins wrote: >> >> Hi, >> >> I've got a single-host hosted-engine deployment that I originally >> installed with 4.0 and have upgraded over the years to 4.3.10. I and >> some >> of my users have upgraded remote-viewer and now I get an error when I >> try >> to view the console of my VMs: >> >> (remote-viewer:8252): Spice-WARNING **: 11:30:41.806: >> ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: >> Error >> in server certificate verification: CA signature digest algorithm too >> weak >> (num=68:depth0:/O=/CN=) >> >> I am 99.99% sure this is because the old certs use SHA1. >> >> I reran engine-setup on the engine and it asked me if I wanted to renew >> the PKI, and I answered yes. This replaced many[1] of the certificates >> in >> /etc/pki/ovirt-engine/certs on the engine, but it did not update the >> Host's certificate. > > Indeed. > >> >> All the documentation I've seen says that to refresh this certificate I >> need to put the host into maintenance mode and then re-enroll.. However >> I >> cannot do that, because this is a single-host system so I cannot put the >> host in local mode -- there is no place to migrate the VMs (let alone >> the >> Engine VM). >> >> So Is there a command-line way to re-enroll manually and update the >> host certs? > > I don't think you'll find anything like this. > > People did come up in the past with various procedure to hack pki like > what > you want, but these are, generally speaking, quite fragile - usually do > not > get updated over versions etc. > > I am pretty certain the only way to do this using "official" tools/docs > is: > > 1. Stop all VMs except for the engine one. > > 2. Take a backup with engine-backup. > > 3. Stop the engine VM. > > 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup. > > 5. Provision the host again as a hosted-engine host, using > '--restore-from-file'. > Either using new storage for the engine, or after cleaning up the existing > hosted-engine storage. > > If you still want to try doing this manually, then the tool to use is > pki-enroll-request.sh. IIRC it's documented. You should find what > keys/certs > you want to replace, generate new keys and CSRs (or use existing keys and > generate CSRs, or even use existing CSRs if you find them), copy to the > engine, > sign with pki-enroll-request.sh, then copy the generated cert to the host. > I am > almost certain there is no way to tell vdsm (and other processes) to > reload > the certs, so you'll have to restart it (them) - and this usually > requires putting > the host in maintenance (and therefore stop (migrate) all VMs). > >> Or some other way to get all the leftover certs renewed? > > Which ones, specifically? > >> >> Thanks, >> >> -derek >> >> [1] Not only did it not update the Host's cert, it did not update any of >> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, >> and >> obviously nothing in /etc/pki/ on the host itself. > > AFAIR no process uses these certs as such. There are only processes that > use > the ssh-format keys extracted from them, which do not include a signature > (sha1 or whatever). > > If you think I am wrong, and/or notice other certs that need to be > regenerated, > that's a bug - please open one. Thanks! > > Re remote-viewer/spice: You didn't say if you tried again after > engine-setup > and what happened. In any case, this is unrelated to vmconsole (which is > for > serial consoles, using ssh). But you might still need to regenerate the > host > cert. > > BTW: You can try using novnc and websocket-proxy - engine-setup does > update > the cert for the latter, so this might work as-is. > > Best regards, > -- > Didi > > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UY44RUFT5MWMZ57Q4A4JWEOVPRSLBGTG/
[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi Didi, One more question: Can you verify that etc/pki/libvirt/clientcert.pem, etc/pki/vdsm/certs/vdsmcert.pem, and etc/pki/vdsm/libvirt-spice/server-cert.pem are all supposed to be same certificate (on the host)? By a quick find | grep all three of these files appear to be the .cer certificate file? -derek On Sun, December 6, 2020 12:25 pm, Derek Atkins wrote: > HI, > > On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote: >> On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins wrote: > [snip] >>> So Is there a command-line way to re-enroll manually and update >>> the >>> host certs? >> >> I don't think you'll find anything like this. >> >> People did come up in the past with various procedure to hack pki like >> what >> you want, but these are, generally speaking, quite fragile - usually do >> not >> get updated over versions etc. >> >> I am pretty certain the only way to do this using "official" tools/docs >> is: >> >> 1. Stop all VMs except for the engine one. >> >> 2. Take a backup with engine-backup. >> >> 3. Stop the engine VM. >> >> 4. Reinstall the host OS from scratch or use >> ovirt-hosted-engine-cleanup. >> >> 5. Provision the host again as a hosted-engine host, using >> '--restore-from-file'. >> Either using new storage for the engine, or after cleaning up the >> existing >> hosted-engine storage. > > If I were to go this route I might as well upgrade to EL8 / 4.4 at the > same time. However, I would rather not do that; I consider that a very > dangerous operation, with a generally too-high probability of failure. > >> If you still want to try doing this manually, then the tool to use is >> pki-enroll-request.sh. IIRC it's documented. You should find what >> keys/certs >> you want to replace, generate new keys and CSRs (or use existing keys >> and >> generate CSRs, or even use existing CSRs if you find them), copy to the >> engine, >> sign with pki-enroll-request.sh, then copy the generated cert to the >> host. > > Thanks. I will look into this method. > >> I am >> almost certain there is no way to tell vdsm (and other processes) to >> reload >> the certs, so you'll have to restart it (them) - and this usually >> requires putting >> the host in maintenance (and therefore stop (migrate) all VMs). > > I don't mind stopping the VMs in order to reboot the host if I can plan > that. My understanding is that because there is no place to migrate the > hosted-engine, that implies even I stop all the other VMs, I still cannot > put the host into maintenance mode. Is my understanding correct? > >>> Or some other way to get all the leftover certs renewed? >> >> Which ones, specifically? > > I think I listed them all: *.cer and vmconsole*.cer on the engine, > and of course everything on the host itself. > > Does it matter that ca.der didn't change? I don't know if that is a > self-signed cert that might be problematic? > >>> >>> Thanks, >>> >>> -derek >>> >>> [1] Not only did it not update the Host's cert, it did not update any >>> of >>> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, >>> and >>> obviously nothing in /etc/pki/ on the host itself. >> >> AFAIR no process uses these certs as such. There are only processes that >> use >> the ssh-format keys extracted from them, which do not include a >> signature >> (sha1 or whatever). >> >> If you think I am wrong, and/or notice other certs that need to be >> regenerated, >> that's a bug - please open one. Thanks! > > I have not noticed anything, yet, but I have not restarted the host or > vdsm since I re-ran engine-setup. > >> Re remote-viewer/spice: You didn't say if you tried again after >> engine-setup >> and what happened. In any case, this is unrelated to vmconsole (which is >> for >> serial consoles, using ssh). But you might still need to regenerate the >> host >> cert. > > Sorry, I thought I did. Yes, I did try re-running remote-viewer after > running engine-setup. There was no change in the console.vv file (except > of course for the password and sso-token), so yes, it failed in the same > way. > > Note, however, that I did not restart vdsm or the host after running > engine-setup. > >> BTW: You can try using novnc and websocket-proxy - engine-setup does >> update >> the cert for the latter, so this might work as-is. > > Yes, that does work indeed, so as a short-term solu
[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
HI, On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote: > On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins wrote: [snip] >> So Is there a command-line way to re-enroll manually and update the >> host certs? > > I don't think you'll find anything like this. > > People did come up in the past with various procedure to hack pki like > what > you want, but these are, generally speaking, quite fragile - usually do > not > get updated over versions etc. > > I am pretty certain the only way to do this using "official" tools/docs > is: > > 1. Stop all VMs except for the engine one. > > 2. Take a backup with engine-backup. > > 3. Stop the engine VM. > > 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup. > > 5. Provision the host again as a hosted-engine host, using > '--restore-from-file'. > Either using new storage for the engine, or after cleaning up the existing > hosted-engine storage. If I were to go this route I might as well upgrade to EL8 / 4.4 at the same time. However, I would rather not do that; I consider that a very dangerous operation, with a generally too-high probability of failure. > If you still want to try doing this manually, then the tool to use is > pki-enroll-request.sh. IIRC it's documented. You should find what > keys/certs > you want to replace, generate new keys and CSRs (or use existing keys and > generate CSRs, or even use existing CSRs if you find them), copy to the > engine, > sign with pki-enroll-request.sh, then copy the generated cert to the host. Thanks. I will look into this method. > I am > almost certain there is no way to tell vdsm (and other processes) to > reload > the certs, so you'll have to restart it (them) - and this usually > requires putting > the host in maintenance (and therefore stop (migrate) all VMs). I don't mind stopping the VMs in order to reboot the host if I can plan that. My understanding is that because there is no place to migrate the hosted-engine, that implies even I stop all the other VMs, I still cannot put the host into maintenance mode. Is my understanding correct? >> Or some other way to get all the leftover certs renewed? > > Which ones, specifically? I think I listed them all: *.cer and vmconsole*.cer on the engine, and of course everything on the host itself. Does it matter that ca.der didn't change? I don't know if that is a self-signed cert that might be problematic? >> >> Thanks, >> >> -derek >> >> [1] Not only did it not update the Host's cert, it did not update any of >> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, >> and >> obviously nothing in /etc/pki/ on the host itself. > > AFAIR no process uses these certs as such. There are only processes that > use > the ssh-format keys extracted from them, which do not include a signature > (sha1 or whatever). > > If you think I am wrong, and/or notice other certs that need to be > regenerated, > that's a bug - please open one. Thanks! I have not noticed anything, yet, but I have not restarted the host or vdsm since I re-ran engine-setup. > Re remote-viewer/spice: You didn't say if you tried again after > engine-setup > and what happened. In any case, this is unrelated to vmconsole (which is > for > serial consoles, using ssh). But you might still need to regenerate the > host > cert. Sorry, I thought I did. Yes, I did try re-running remote-viewer after running engine-setup. There was no change in the console.vv file (except of course for the password and sso-token), so yes, it failed in the same way. Note, however, that I did not restart vdsm or the host after running engine-setup. > BTW: You can try using novnc and websocket-proxy - engine-setup does > update > the cert for the latter, so this might work as-is. Yes, that does work indeed, so as a short-term solution that can work for me. I'll ask my colleague on a Mac if that works for him. But it would be nice to get remote-viewer working, IMHO, which would require a way to renew / refresh the host cert -- which of course would be nice to do without having to re-install! Thanks!!! > Best regards, > -- > Didi -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4AGI6SIPIP6JRU4SYLTXL5YGP5VPL462/
[ovirt-users] How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
Hi, I've got a single-host hosted-engine deployment that I originally installed with 4.0 and have upgraded over the years to 4.3.10. I and some of my users have upgraded remote-viewer and now I get an error when I try to view the console of my VMs: (remote-viewer:8252): Spice-WARNING **: 11:30:41.806: ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: Error in server certificate verification: CA signature digest algorithm too weak (num=68:depth0:/O=/CN=) I am 99.99% sure this is because the old certs use SHA1. I reran engine-setup on the engine and it asked me if I wanted to renew the PKI, and I answered yes. This replaced many[1] of the certificates in /etc/pki/ovirt-engine/certs on the engine, but it did not update the Host's certificate. All the documentation I've seen says that to refresh this certificate I need to put the host into maintenance mode and then re-enroll.. However I cannot do that, because this is a single-host system so I cannot put the host in local mode -- there is no place to migrate the VMs (let alone the Engine VM). So Is there a command-line way to re-enroll manually and update the host certs? Or some other way to get all the leftover certs renewed? Thanks, -derek [1] Not only did it not update the Host's cert, it did not update any of the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, and obviously nothing in /etc/pki/ on the host itself. -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JEW5WIRD67WMF6TVG7367ZMSHX2KYGGV/
[ovirt-users] Re: Single Node HCI upgrade procedure from CentOS7/oVirt 4.3 to CentOS8/oVirt 4.4?
There are plenty of other reasons to be running a single-host Hyperconverged deployment, in production. One of them is financial. Another is for small-scale production systems that don't have the space, finances, or other resources to run a 3-node system. Considering it a "toy" doesn't mean it isn't (or shouldn't be) a supported deployment. Having a tested upgrade path from EL 7.x/Ovirt 4.3.x to EL 8 / Ovirt 4.4 running on a single system would be extremely useful in those situations. I do realize that any upgrade of a single-host system is rife with the dangers of a failed upgrade, and it requires downtime either way. However I feel an in-place (yum/dnf) path is "safer" than a "reinstall from scratch" path. So having a well-documented path would be ideal. Thanks! -derek PS: While I am LOOKING at expanding my 1-node system to 3, I don't see that happening any time soon. And even then, I would need to migrate my NFS storage to something more distributed like Gluster. So I suspect I would need to reinstall the self-hosted engine regardless to change its storage, and then I can migrate all existing VMs from NFS to Gluster. On Sat, September 26, 2020 9:00 am, tho...@hoberg.net wrote: > I can hear you saying: "You did understand that single node HCI is just a > toy, right?" > > For me the primary use of a single node HCI is adding some disaster > resilience in small server edge type scenarios, where a three node HCI > provides the fault tolerance: 3+1 with a bit of distance, warm or even > cold stand-by, potentially manual switch and reduced workload in case > disaster strikes. > > Of course, another 3nHCI would be better, but who gets that type of > budget, right? > > What I am trying say: If you want oVirt to gain market share, try to give > HCI more love. And while you're at it, try to make expanding from 1nHCI to > 3nHCI (and higher counts) a standard operational procedure to allow > expanding a disaster stand-by into a production setup, while the original > 3nHCI is being rebuilt. > > For me low-budget HCI is where oVirt has its biggest competitive advantage > against vSan and Nutanix, so please don't treat the HCI/gluster variant > like an unwanted child any more. > > In the mean-time OVA imports (from 4.3.10 exports) on my 4.4.2 1nHCI fail > again, which I'll report separately. > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/QI3Z45SRJD72ZJIX6HZCVC7DVVSZCKUW/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5MMU7TOS2776IV72H75WMJTZCF7TAHDU/
[ovirt-users] Re: VM AutoStart
I did. years ago. When 4.0 was current. Some of the work to implement that went into 4.4, where it will recover state on a crash (i.e., if you have VMs marked as auto-start and you have a power outage, it will restart them). However, I believe there is no order to it, and it will only start VMs that were running when the system went down. That doesn't help me; I have a single-host ovirt system and whenever I do routine maintenance I cleanly shut down the VMs, and I want them to come back up when ovirt does. There is, I believe, more going into later versions. I think there are still at least one or two open RFEs on auto-starting VMs. But I still use the script because I need complete fault recovery on my system, and I need ordering of restarts (need my DNS server to come up before other things, for example). If you do need to make fixes for python3, please feel free to send them my way! -derek On Wed, September 30, 2020 4:14 pm, Jeremey Wise wrote: > > > Ya.. that is a lot easier. > > Someone should put this in as a feature request. I don't want HA (and > have > errors on getting that to work) I just want VMs to boot on initial > cluster > start. > > this was standard in libvirt :) I am trying to convert to oVirt ways... > > On Wed, Sep 30, 2020 at 4:10 PM Derek Atkins wrote: > >> HI, >> >> On Wed, September 30, 2020 3:50 pm, Jeremey Wise wrote: >> > As the three servers are Centos8 minimal installs. + oVirt HCI wizard >> to >> > keep them lean and mean... a couple questions >> >> Note that you run this on the Engine VM, not on a host. >> >> > 1) which version of python would I need for this (note in script about >> > python 2 but isn't that deprecated?) >> > [root@thor /]# yum install python >> > Last metadata expiration check: 2:29:38 ago on Wed 30 Sep 2020 >> 01:18:32 >> PM >> > EDT. >> > No match for argument: python >> > There are following alternatives for "python": python2, python36, >> python38 >> > Error: Unable to find a match: python >> >> I am still running 4.3, so "python" is 2.7. >> I have not tested with python3.. >> >> > 2) When you have three nodes.. one is set to host the ovirt-engine >> > active, >> > and another as backup. If this is added to rc.local. Of the two >> nodes >> > hosting HA for oVirt-engine.. node which boots first will host (or so >> it >> > seems). I think if I add this to both those hosts .. it will not >> create >> > issues. Any thoughts? >> >> Don't run it on a host, run it from within the Engine VM. >> >> The host(s) will figure out by themselves that they need to start the >> engine if one isn't running. Then when the engine starts the script >> will >> run and start the VMs. >> >> -derek >> >> > >> > On Wed, Sep 30, 2020 at 3:23 PM Derek Atkins wrote: >> > >> >> I run it out of rc.local: >> >> >> >> /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 & >> >> >> >> The script is smart enough to wait for the engine to be fully active. >> >> >> >> -derek >> >> >> >> On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote: >> >> > i would like to eventually go ansible route.. and was starting >> down >> >> that >> >> > path but this is fabulous. >> >> > >> >> > I will modify and post how it went. >> >> > >> >> > One question: How /where do you set this saved new and delicious >> >> script >> >> > so >> >> > once oVirt-engine comes up... it runs? >> >> > >> >> > Thanks >> >> > >> >> > On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins >> wrote: >> >> > >> >> >> Hi, >> >> >> >> >> >> I had a script based around ovirt-shell which I re-wrote as a >> script >> >> >> around the Python SDK4 which I run on my engine during the startup >> >> >> sequence. The script will wait for the engine to come up and >> ensure >> >> the >> >> >> storage domains are up before it tries to start the VMs. Then it >> >> will >> >> >> go >> >> >> ahead and start the VMs in the specified order with specified >> delay >> >> >> and/or >> >> >> wait-for-up signal between them. >&
[ovirt-users] Re: VM AutoStart
HI, On Wed, September 30, 2020 3:50 pm, Jeremey Wise wrote: > As the three servers are Centos8 minimal installs. + oVirt HCI wizard to > keep them lean and mean... a couple questions Note that you run this on the Engine VM, not on a host. > 1) which version of python would I need for this (note in script about > python 2 but isn't that deprecated?) > [root@thor /]# yum install python > Last metadata expiration check: 2:29:38 ago on Wed 30 Sep 2020 01:18:32 PM > EDT. > No match for argument: python > There are following alternatives for "python": python2, python36, python38 > Error: Unable to find a match: python I am still running 4.3, so "python" is 2.7. I have not tested with python3.. > 2) When you have three nodes.. one is set to host the ovirt-engine > active, > and another as backup. If this is added to rc.local. Of the two nodes > hosting HA for oVirt-engine.. node which boots first will host (or so it > seems). I think if I add this to both those hosts .. it will not create > issues. Any thoughts? Don't run it on a host, run it from within the Engine VM. The host(s) will figure out by themselves that they need to start the engine if one isn't running. Then when the engine starts the script will run and start the VMs. -derek > > On Wed, Sep 30, 2020 at 3:23 PM Derek Atkins wrote: > >> I run it out of rc.local: >> >> /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 & >> >> The script is smart enough to wait for the engine to be fully active. >> >> -derek >> >> On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote: >> > i would like to eventually go ansible route.. and was starting down >> that >> > path but this is fabulous. >> > >> > I will modify and post how it went. >> > >> > One question: How /where do you set this saved new and delicious >> script >> > so >> > once oVirt-engine comes up... it runs? >> > >> > Thanks >> > >> > On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins wrote: >> > >> >> Hi, >> >> >> >> I had a script based around ovirt-shell which I re-wrote as a script >> >> around the Python SDK4 which I run on my engine during the startup >> >> sequence. The script will wait for the engine to come up and ensure >> the >> >> storage domains are up before it tries to start the VMs. Then it >> will >> >> go >> >> ahead and start the VMs in the specified order with specified delay >> >> and/or >> >> wait-for-up signal between them. >> >> >> >> You can find my scripts at https://www.ihtfp.org/ovirt/ >> >> >> >> Or you can go the ansible route :) >> >> >> >> Enjoy! >> >> >> >> -derek >> >> >> >> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote: >> >> > When I have to shut down cluster... ups runs out etc.. I need a >> >> sequence >> >> > set of just a small number of VMs to "autostart" >> >> > >> >> > Normally I just use DNS FQND to connect to oVirt engine but as two >> of >> >> my >> >> > VMs are a DNS HA cluster.. as well as NTP / SMTP /DHCP etc... I >> >> need >> >> > those two infrastructure VMs to be auto boot. >> >> > >> >> > I looked at HA settings for those VMs but it seems to be watching >> for >> >> > pause >> >> > /resume.. but it does not imply or state auto start on clean first >> >> boot. >> >> > >> >> > Options? >> >> > >> >> > >> >> > -- >> >> > p enguinpages >> >> > ___ >> >> > Users mailing list -- users@ovirt.org >> >> > To unsubscribe send an email to users-le...@ovirt.org >> >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> >> > oVirt Code of Conduct: >> >> > https://www.ovirt.org/community/about/community-guidelines/ >> >> > List Archives: >> >> > >> >> >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/ >> >> > >> >> >> >> >> >> -- >> >>Derek Atkins 617-623-3745 >> >>de...@ihtfp.com www.ihtfp.com >> >>Computer and Internet Security Consultant >> >> >> >> >> > >> > -- >> > jeremey.w...@gmail.com >> > >> >> >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> >> > > -- > jeremey.w...@gmail.com > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BAMLT6SIDJ63L2GVPLEGZEUXAI7QLB33/
[ovirt-users] Re: VM AutoStart
I run it out of rc.local: /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 & The script is smart enough to wait for the engine to be fully active. -derek On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote: > i would like to eventually go ansible route.. and was starting down that > path but this is fabulous. > > I will modify and post how it went. > > One question: How /where do you set this saved new and delicious script > so > once oVirt-engine comes up... it runs? > > Thanks > > On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins wrote: > >> Hi, >> >> I had a script based around ovirt-shell which I re-wrote as a script >> around the Python SDK4 which I run on my engine during the startup >> sequence. The script will wait for the engine to come up and ensure the >> storage domains are up before it tries to start the VMs. Then it will >> go >> ahead and start the VMs in the specified order with specified delay >> and/or >> wait-for-up signal between them. >> >> You can find my scripts at https://www.ihtfp.org/ovirt/ >> >> Or you can go the ansible route :) >> >> Enjoy! >> >> -derek >> >> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote: >> > When I have to shut down cluster... ups runs out etc.. I need a >> sequence >> > set of just a small number of VMs to "autostart" >> > >> > Normally I just use DNS FQND to connect to oVirt engine but as two of >> my >> > VMs are a DNS HA cluster.. as well as NTP / SMTP /DHCP etc... I >> need >> > those two infrastructure VMs to be auto boot. >> > >> > I looked at HA settings for those VMs but it seems to be watching for >> > pause >> > /resume.. but it does not imply or state auto start on clean first >> boot. >> > >> > Options? >> > >> > >> > -- >> > p enguinpages >> > ___ >> > Users mailing list -- users@ovirt.org >> > To unsubscribe send an email to users-le...@ovirt.org >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >> > oVirt Code of Conduct: >> > https://www.ovirt.org/community/about/community-guidelines/ >> > List Archives: >> > >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/ >> > >> >> >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> >> > > -- > jeremey.w...@gmail.com > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FPIQXRONES2HEZTAK437GQTGPOAYGILT/
[ovirt-users] Re: VM AutoStart
Hi, I had a script based around ovirt-shell which I re-wrote as a script around the Python SDK4 which I run on my engine during the startup sequence. The script will wait for the engine to come up and ensure the storage domains are up before it tries to start the VMs. Then it will go ahead and start the VMs in the specified order with specified delay and/or wait-for-up signal between them. You can find my scripts at https://www.ihtfp.org/ovirt/ Or you can go the ansible route :) Enjoy! -derek On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote: > When I have to shut down cluster... ups runs out etc.. I need a sequence > set of just a small number of VMs to "autostart" > > Normally I just use DNS FQND to connect to oVirt engine but as two of my > VMs are a DNS HA cluster.. as well as NTP / SMTP /DHCP etc... I need > those two infrastructure VMs to be auto boot. > > I looked at HA settings for those VMs but it seems to be watching for > pause > /resume.. but it does not imply or state auto start on clean first boot. > > Options? > > > -- > p enguinpages > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NWZVOBMIUWXADBIEG5OJH4ARVXNI3CDD/
[ovirt-users] Re: invalid spf record for ovirt.org
Hi, The current SPF record reads: v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org 66.187.233.88 ~all As pointed out, this is invalid. It requires an "ip4:" in there, so it SHOULD read: v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org ip4:66.187.233.88 ~all Arguably it should also include a /32, but I don't think that's required. I'm not sure to whom this bug should be reported. -derek On Wed, July 22, 2020 8:49 am, Jorick Astrego wrote: > Hi, > > During routine maintenance on our mailserver I noticed the following in > the log: > > [22/Jul/2020 14:33:33] Error when parsing SPF TXT record for domain: > ovirt.org, envelope-from=users-boun...@ovirt.org, message: Invalid > character found near "" in "66.187.233.88" > > A check on MXtoolbox also gives an invalid systax error: > > v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org 66.187.233.88 ~all > > PrefixTypeValue PrefixDesc Description Error > > v spf1 > The SPF record version > + a mail.ovirt.org PassMatch if IP has a DNS 'A' > record in > given domain. > + a gerrit.ovirt.orgPassMatch if IP has a DNS > 'A' record in > given domain. > + 66.187.233.88 > PassUnknown Unknown mechanisms are not allowed > ~ all > SoftFailAlways matches. It goes at the end of your record. > > > TestResult > > <https://mxtoolbox.com/problem/spf/spf-syntax-check?page=prob_spf=spf:ovirt.org=1=0=1> > SPF Syntax CheckInvalid syntax found > > > > > > Met vriendelijke groet, With kind regards, > > Jorick Astrego > > Netbulae Virtualization Experts > > > > Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A > KvK 08198180 > Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede > BTW > NL821234584B01 > > > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/I4MDC4WBOOHE4TYDW4OL5SRGV7S44BIH/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/K6IBOAYHFNBMZ6ZHVR64EIIO7NZGOVDU/
[ovirt-users] Re: EXTERNAL - Re: Update to Ovirt 4.3.10-4-1 causes XFS issue
Hi, Chaz Vidal writes: > Thank you for the response! > > I tried to do another upgrade again on the ovirt manager and can > confirm that it is now in the supposedly fixed version of the kernel. > > However, when I try to update the hosts using the prescribed gui style > method they do report back as no updates available. > > Should I force an update on the kernel on the hosts or is this not advised? There shouldn't be a need. Are you sure the hosts are running the old kernel? The hosts should just update via "yum update", although I admit I don't know what the "update" function from the UI does under the covers. I have a single-host hyperconverged system so I have to update manually.. You can check if there is anything to do by logging into the host and running: "yum check-update"; it shouldn't list anything. > Thanks > Chaz -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/S2SI6EO3VV7FW3IJTDKX7VUPXLXOQ4B2/
[ovirt-users] Re: Update to Ovirt 4.3.10-4-1 causes XFS issue
Hi, "Chaz Vidal" writes: > Hi All > I think I have come across this bug: > > https://access.redhat.com/solutions/5075561 > > Updating Ovirt to 4.3.10 shows that the kernel installed on the hosts > is the version that has the issue: > > 3.10.0-1127.8.2.el7.x86_64 > > The RedHat article suggests updating to kernel-3.10.0-1127.10.1.el7 > but running engine-upgrade-check now shows no updates available from > my engine manager. > > Is this something I can fix myself or would the updated kernel be available? > > Appreciate the advice as new to Ovirt. Normally I would point the > hosts to the new kernel but I think it should be updated through Ovirt > manager, correct? On the engine my update method is the following: engine-setup yum upgrade engine-setup reboot So basically run engine-setup which will update the Ovirt packages, then you can "yum upgrade" to upgrade the base system, then re-run engine-setup just to be sure nothing broke. Then you can reboot into the new kernel. The reason I do this is that engine-setup wont upgrade the full OS (including kernel) -- it will only update the ovirt packages. Hope this helps, > Thanks! > Chaz -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JLYO3LZG6QYKEEWDTF5ZSOWU7JXP3CZQ/
[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)
Hi, Strahil Nikolov writes: > Hi Derek, > > I also don't like Python (and I prefer Salt instead of Ansible), but > Ansible is the wiser option /personal opinion/ . > My reasons - API change , so your code will eventually will die. > With Ansible - a lot of people use it and there is a high chance that > some updates the Ansible module that will do the job even after the > API changes. Thank you for your input. Turns out it's probably not an issue right now anyways because my understanding is that there is no "live" upgrade path from 4.3/7.x to 4.4/8.x. My understanding is that the only upgrade path is a re-install. If that's the case, then I suspect it will be a VERY long time until I upgrade, because I'm on a single-host production system so can't stage a reinstall the same way I can stage a "yum upgrade". > Also, Ansible is declarative , while python will need more effort. I guess only time will tell ;) There wasn't a significant learning curve to python (as I've already had experience with it, and most of what I needed to do was already in the SDK examples). Ansible is a tool I have never even looked at, let alone tried to use it, so I suspect it would take me more than a couple hours to get it working. > Best Regards, > Strahil Nikolov -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y5ZOZHNN4ERKPAGZ3QN5D7RY3ZC4XQPG/
[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)
Hi, On Wed, May 27, 2020 5:38 pm, Gianluca Cecchi wrote: [snip] > But you hated Python, didn't you? ;-) I do. Can't stand it. Doesn't mean I can't read it and/or write it, but I have to hold my nose doing it. Syntactic white space? Eww. But Python is already installed and used and, apparently, supported.. And when I looked at the examples I found that 90% of what I needed to do was already implemented, so it turned out to be much easier than expected. > I downloaded your files, even if I'm far from knowing python It's pretty much a direct translation of my bash script around ovirt-shell. It does have one feature that the old code didn't, which is the ability to wait for ovirt to declare that a vm is actually "up". > try the ansible playbook that gives you more flexibility in my opinion I've never even installed ansible, let alone tried to use it. I don't need flexibility, I need the job to get done. But I'll take a look when I get the chance. Thanks! > Gianluca -derek PS: you (meaning whomever is "in charge" is welcome to add my script(s) to the examples repo if you feel other people would benefit from seeing it there. -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/J6JJBY37J4N2KGVFL5V3EHCXUONQWBLR/
[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)
Eh, no point in creating a repo for that, so I just put them on the web: https://www.ihtfp.org/ovirt/ -derek On Wed, May 27, 2020 11:05 am, Staniforth, Paul wrote: > > Thanks Derek, > GitHub or GitLab probably. > > Regards, > Paul S. > ____ > From: Derek Atkins > Sent: 27 May 2020 15:50 > To: Gianluca Cecchi > Cc: tho...@hoberg.net ; users > Subject: [ovirt-users] AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is > now generally available) > > Caution External Mail: Do not click any links or open any attachments > unless you trust the sender and know that the content is safe. > > Hi, > > (Sorry if you get this twice -- looks like it didn't like the python > script in there so I'm resending without the code) > > Gianluca Cecchi writes: > >> Hi Derek, >> today I played around with Ansible to accomplish, I think, what you >> currently >> do in oVirt shell. >> It was the occasion to learn, as always, something new: as "blocks" in >> Ansible >> dont' support looping, a workaround to get that. >> Furthermore I have a single host environment where it can turn usefull >> too... > [snip] > > I found the time to work on this using the Python SDK. Took me longer > than I wanted but I think I've got something working now. I just > haven't done a FULL test, yet, but a runtime time on the online system > works (I commented out the start call). > > I still have two files, a vm_list.py which is a config file that > contains the list of VMs, in order, and then the main program itself > (start_vms.py) which is based on several of the examples available in > github. > > Unfortunately I can't seem to send the script in email because it's > getting blocked by the redhat server -- so I have no idea the best way > to share it. > > -derek > > -- >Derek Atkins 617-623-3745 >de...@ihtfp.com > https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ihtfp.com%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=91YXNjtMwqPp%2BYzfXDfWRaas2hwrWl55AHoW89yq4E8%3Dreserved=0 >Computer and Internet Security Consultant > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fprivacy-policy.htmldata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=zWJOVIR%2BpaBxBoYYXxc6eNw%2B5lc2%2BdYrBF8VUCxCUAI%3Dreserved=0 > oVirt Code of Conduct: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=HgU9l5h4kCDZ7%2BiZ3DrXgYeRFzmB8fUiRs8BRrXs%2BTY%3Dreserved=0 > List Archives: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FX7KLBANUBJCMASFONU2SZQH5Z3HJU2SI%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=XtCL1PEnD3VeqtTSSClvIkovqJRklwisxK%2FZD9HnLRI%3Dreserved=0 > To view the terms under which this email is distributed, please go to:- > http://leedsbeckett.ac.uk/disclaimer/email/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2SWGNCELQXAQ6RB6KPQ3RR62G63OLKAS/
[ovirt-users] AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)
Hi, (Sorry if you get this twice -- looks like it didn't like the python script in there so I'm resending without the code) Gianluca Cecchi writes: > Hi Derek, > today I played around with Ansible to accomplish, I think, what you currently > do in oVirt shell. > It was the occasion to learn, as always, something new: as "blocks" in Ansible > dont' support looping, a workaround to get that. > Furthermore I have a single host environment where it can turn usefull too... [snip] I found the time to work on this using the Python SDK. Took me longer than I wanted but I think I've got something working now. I just haven't done a FULL test, yet, but a runtime time on the online system works (I commented out the start call). I still have two files, a vm_list.py which is a config file that contains the list of VMs, in order, and then the main program itself (start_vms.py) which is based on several of the examples available in github. Unfortunately I can't seem to send the script in email because it's getting blocked by the redhat server -- so I have no idea the best way to share it. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/X7KLBANUBJCMASFONU2SZQH5Z3HJU2SI/
[ovirt-users] Re: oVirt 4.4.0 Release is now generally available
Hi, Strahil Nikolov writes: > Actually, > You can use Ansible and 'uri' module to communicate wwith the engine > via the API. Most probably the 'uri' module was written in python - > but you don't have to deal with python code - just ansible. > Also, it's worth checking the ansible Ovirt modules , as they are kept > up to date evwn when the API endpoint changes. > > I think it won't be too hard to get a list of the VMs and then create > some logic how to order them for the 'ignition'. I took a much closer look at the examples yesterday and there are 2 of the 3 things I need already there: 1) test_connection.py -- make sure the engine is up 2) [ get list of total and attached storage domains ] 3) start_vm.pl -- start a VM (by name, it looks like) So really it's only #2 that is missing. There is a show_summary.py in there, but that doesn't give me *all* the code I need to piece together (but I suspect it's close to what I need as I was calling the 'summary' ovirt-shell api to get the info I needed before). I suspect I just need to pull apart the api.summary.storage_domains class to figure out what I need. Clearly there is a 'total', so I just need to figure out 'up', and it looks like I might be able to rewrite my script. Python... EWW. FTR: I don't think I need to check that the datacenter status is up; I added that in not really understanding the changes between 4.1 and 4.3. The issue is that the storage domain status isn't initialized to 'down' when the engine first comes up so my script was testing that and seeing all domains up when they really weren't. > Best Regards, > Strahil Nikolov -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CHFRKNZLNHNJOGSEHOX5QAIMBYUYD3VZ/
[ovirt-users] Re: oVirt 4.4.0 Release is now generally available
Nir, Nir Soffer writes: > Why not open RFE to add the feature you need? I did -- about 3-4 years ago. SOME of them have been implemented, some have been partially implemented, but I am still waiting for ovirt to support the full VM startup functionality that I had in vmware-server from like 2007 (or earlier). Part of the issue here is that I suspect most ovirt users have multiple hosts and therefore rarely have to worry about how host-system maintenance affects the VMs, and probably live in data centers with redundant power supplies, UPSes, and backup generators. I, on the other hand, I've got a single system so when I need to perform any maintenance I need to take down everything, or if I have a power outage that outlasts my UPS, or... I want the VMs to come back up automatically -- and in a particular order (e.g., I need my DNS and KDC servers to come up before others). I filed these RFEs during the 4.0 days, which is when I first started using ovirt and put it into deployment. > You can use the python SDK to do anything supported by oVirt API. > Did you look here? > https://github.com/oVirt/ovirt-engine-sdk/tree/master/sdk/examples I have looked there, but I stopped reading after seeing "python". ;) Frankly I detest python. I think it's an abomination. There are so many other, better languages out there and I don't understand why so many people like it (and worse, force it down everyone else's throats). But I'll step off my soap-box (and get off my lawn!) lol. Honestly, I already spent the time to build a tool to do what I need. I even had to update the tool going from 4.1 to 4.3 because some startup assumptions changed. I really don't want to spend the time again, time I frankly don't have right now, to re-implement what I've already got. It's easier for me to just stay put on 4.3.x. Yes, I realize that in about 2 years or so I will need to do so. I'll worry about that then. Of course, since the (partial?) functionality is only in 4.4, I really have no way to test it to make sure it does what I need, so see what I'm missing. I don't have a testbed to play with it, just my one system. Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/X7LYSJ6M2YUUKSRT3H4A5RR4MUOTNYOS/
[ovirt-users] Re: oVirt 4.4.0 Release is now generally available
Hi, On Wed, May 20, 2020 3:06 pm, Gianluca Cecchi wrote: > In the mean time, just to better understand your environment, you say that > you are in a single host environment. > Can you detail where does your engine live? Is it a server outside the > host > or are you in a Self Hosted Engine configuration? Self-hosted engine. > And what are the kind of your storage domains, are they NFS served by the > server itself or by Gluster on the host or external hosts or what? NFS served by the host itself. Both Host and Engine are CentOS-based systems with ovirt installed on top of it. Currently running 4.3.8; I plan to upgrade to 4.3.10 (and 7.8) once it goes GA. The start_vms.sh script is, of course, run on the engine, and runs with a user with appropriate privs to start VMs. Thanks! > Gianluca -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/G6E2M52VW4QZQM46SRCKSW4UXZHH5K7P/
[ovirt-users] Re: oVirt 4.4.0 Release is now generally available
Hi, On Wed, May 20, 2020 12:28 pm, Gianluca Cecchi wrote: > Il Mer 20 Mag 2020, 18:15 Derek Atkins ha scritto: > > [snip] > > I am happy to share my startup script if someone else wants to port it to >> work with 4.4. :-) >> >> -derek >> > > Interesting. yes, please. > We could try to convert to python or through ansible and/or leverage > already existing roles/modules. > > Gianluca Sure, I cannot attach the script because it will get blocked by the mailer, so I'll just copy-and-paste it below (which of course means that it'll be line-wrapped, which might break it but you'll at least see what it's doing). The script does have some embedded assumptions about my system (like the number of storage domains to look for). It's broken into two parts, the script itself (start_vms.sh) and a sysconfig script that says what VMs to start. I run start_vms.sh from /etc/rc.d/rc.local: /usr/local/sbin/start_vms.sh > /var/log/start_vms 2>&1 & The /etc/sysconfig/vm_list file looks like: default_timeout=10 # Ordered list of VMs declare -a vm_list=( first-vm second-vm ) # Timeout override (otherwise use default_timeout) declare -A vm_timeout=( [first-vm]=30 ) The start_vms.sh script itself: #!/bin/bash [ -f /etc/sysconfig/vm_list ] || exit 0 . /etc/sysconfig/vm_list echo -n "Starting at " date # Wait for the engine to respond while [ `ovirt-shell -I -c -F -T 50 -E ping 2>/dev/null | grep -c success` != 1 ] do echo "Not ready... Sleeping..." sleep 60 done # Now wait for the storage domain to appear active echo -n "Engine up. Searching for disks at " ; date # The 4.3.x engine keeps stale data, so let's wait for it to update # to the correct state before we start looking for storage domains sleep 60 total_disks=`ovirt-shell -I -c -E summary | grep storage_domains-total | sed -e 's/.*: //'` # subtract one because we know we're not using the image-repository total_disks=`expr $total_disks - 1` active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | sed -e 's/.*: //'` while [ $active_disks -lt $total_disks ] do echo "Storage Domains not active yet. Only found $active_disks/$total_disks. Waiting..." sleep 60 active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | sed -e 's/.*: //'` done # Now wait for the data center to show up echo -n "All storage mounted. Waiting for datacenter to be up at " date while [ `ovirt-shell -I -c -E 'show datacenter Default' | grep status-state | sed -e 's/.*: //'` != 'up' ] do echo "Not ready... Sleeping..." sleep 60 done # Now start all of the VMs in the requested order. echo -n "Datacenter up. Starting VMs at "; date for vm in "${vm_list[@]}" do timeout=${vm_timeout[$vm]:-$default_timeout} ovirt-shell -I -c -E "action vm $vm start" sleep "$timeout" done Enjoy! -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/O3TENJOBFUZN6PYI3OR5TK3S5YJJJ6WH/
[ovirt-users] Re: oVirt 4.4.0 Release is now generally available
On Wed, May 20, 2020 11:19 am, Sandro Bonazzola wrote: > Il giorno mer 20 mag 2020 alle ore 16:33 ha scritto: > >> My enthusiasm for CentOS8 is limited. >> My enthusiasm for a hard migration even more so. >> So how much time do I have before 4.3 becomes inoperable? >> > > oVirt 4.3.10 is approaching GA and we expect 4.3.11 to be released too > before declaring 4.3 at the end of life. > After that, 4.3 should keep working till CentOS 7 or any other repo on the > system will break it with some incompatible change. > I totally understand system administrators' point of view and how > difficult > it is to find a good maintenance window for a busy production > environment, ensuring backups are recent enough, check new requirements > matching, give it a try on a test environment if it's available and so on. > That said, I would really encourage starting to plan a maintenance window > for upgrading to 4.4 as soon as practical. > It will be easier to help with upgrade from 4.3 at this time than 2 years > from now when 4.3 can be broken (or new hardware replacement will be > missing drivers on CentOS 7) and there won't be any additional release for > fixing upgrade incompatibilities. I can't speak to other people, but the lack of "ovirt-shell" for 4.4 is a deal-breaker for me to upgrade at this time, and probably for the forseeable future. I've been working on migrating my mail server for 3 years now and still haven't finished that; migrating ovirt to a new platform that requires new startup support?? Haha. Granted, I suspect SOME of the reasons I have this script might be implemented in 4.4 (e.g. auto-start of VMs). However, my understanding of the auto-start feature is that it's really an auto-restart -- it will restart a VM that was running if the datacenter crashes, but if I shut it down manually and then "reboot" the cluster, those VMs wont come back automatically. As I am on a single-host system, I need it to start from a clean shutdown and bring up all the VMs in addition to dealing with power-outage reboots. I work from the "if it aint broke, don't fix it" camp. So I think I'm going to stick with 4.3 until I can't anymore. I am happy to share my startup script if someone else wants to port it to work with 4.4. :-) -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NHIGVCJOWLGUB4LJOKXNTFUJRNVYA5RB/
[ovirt-users] Re: Ovirt API and CLI
Hi, It took me about 5 seconds to google for "ovirt sdk4" and the first link is: https://github.com/oVirt/ovirt-engine-sdk/tree/master/sdk NB: I am not an ovirt dev (nor am I a python programmer, although I do play one on TV sometimes ;-). -derek On Fri, February 28, 2020 1:12 pm, Eugène Ngontang wrote: > Yes I know ovirt-shell. > > But if the Interface (API) is well exposed, we could ourself code add-hoc > client to interact with, as we know how it's defined and structured. > > Please do you have useful links about those SDK4 and others API/CLI > related > stuff? > > Regards, > Eugène NG > > Le ven. 28 févr. 2020 à 16:50, Derek Atkins a écrit : > >> Yes. The devs call it "SDK4", which has been around for a few releases >> now. >> The CLI, however, uses SDK3, which was removed from Ovirt 4.4. >> Search for "ovirt-shell". >> >> -derek >> >> On Fri, February 28, 2020 10:47 am, Eugène Ngontang wrote: >> > @Derek, >> > >> > You're talking about a client the should up-port, but before having a >> > client, my question is is there a documented API (server) to interact >> with >> > through that client? >> > >> > Eugene NG >> > >> > Le jeu. 27 févr. 2020 à 14:57, Derek Atkins a écrit >> : >> > >> >> Eugene, >> >> >> >> On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote: >> >> > Yes Ansible ovirt_vms module is useful, I use it for >> >> > provisioning/deployment, but once my VM created, I'd like to >> >> > administrate/interact with them, I don't think I should write >> >> playbooks >> >> > for >> >> > that. >> >> > >> >> > But I'll find a solution. >> >> >> >> I am in a similar boat as you. I wrote some management scripts >> around >> >> ovirt-shell when I first started using ovirt (4.0), in order to mimic >> >> some >> >> vmware-server features that I needed. I run a single-host >> hosted-engine >> >> environment, so when the system boots up (e.g. from a power failure) >> I >> >> wanted all my VMs to auto-start, and to start in the correct order. >> I >> >> can't use the ovirt power management utilities because it's only a >> >> single >> >> host. So I wrote a relatively small script around ovirt-shell that >> >> would >> >> do the following: >> >> >> >> 1) Wait for the engine to respond >> >> 2) Wait for the storage to come online >> >> 3) Start my VMs, with appropriate order and delay between >> >>(e.g., ensure my DNS server and KDC come up before other VMs) >> >> >> >> I know that SOME of these features are now in Ovirt (and I think they >> >> are >> >> even in 4.4), but my understanding is that they only return the >> system >> >> to >> >> previous state and wont auto-start a VM that was cleanly shut down. >> >> Also >> >> the ordering is, IIUC, somewhat course (low/medium/high). >> >> >> >> At this point I plan to delay my deployment of 4.4 or beyond because >> >> what >> >> I have in 4.3 is working (still), and frankly I have no interest in >> >> learning Ansible or Python just to replace what should be a >> relatively >> >> simple script. >> >> >> >> I honestly find it very sad that the developers wont up-port >> >> ovirt-client >> >> to SDK4. If SDK4 is "so good" vs SDK3 then I don't see why it would >> be >> >> hard to do that. And if it IS that hard to do, then how do they >> expect >> >> us >> >> to use it? >> >> >> >> Maybe I will find some time to play with OV4.4 on a test system in >> order >> >> to play with the auto-start features. In my copious amounts of free >> >> time. :( >> >> >> >> Thanks, >> >> >> >> -derek >> >> >> >> -- >> >>Derek Atkins 617-623-3745 >> >>de...@ihtfp.com www.ihtfp.com >> >>Computer and Internet Security Consultant >> >> >> >> >> > >> > -- >> > LesCDN <http://lescdn.com> >> > engont...@lescdn.com >> > >> > *Aux hommes il faut un chef, et au* >> > >> > * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on >> te >> > voit on te juge!* >> > >> >> >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> >> > > -- > LesCDN <http://lescdn.com> > engont...@lescdn.com > > *Aux hommes il faut un chef, et au* > > * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on te > voit on te juge!* > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AHCCQP2G4WTY6NMRTDSTYYC5CB6VZK6K/
[ovirt-users] Re: Ovirt API and CLI
Yes. The devs call it "SDK4", which has been around for a few releases now. The CLI, however, uses SDK3, which was removed from Ovirt 4.4. Search for "ovirt-shell". -derek On Fri, February 28, 2020 10:47 am, Eugène Ngontang wrote: > @Derek, > > You're talking about a client the should up-port, but before having a > client, my question is is there a documented API (server) to interact with > through that client? > > Eugene NG > > Le jeu. 27 févr. 2020 à 14:57, Derek Atkins a écrit : > >> Eugene, >> >> On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote: >> > Yes Ansible ovirt_vms module is useful, I use it for >> > provisioning/deployment, but once my VM created, I'd like to >> > administrate/interact with them, I don't think I should write >> playbooks >> > for >> > that. >> > >> > But I'll find a solution. >> >> I am in a similar boat as you. I wrote some management scripts around >> ovirt-shell when I first started using ovirt (4.0), in order to mimic >> some >> vmware-server features that I needed. I run a single-host hosted-engine >> environment, so when the system boots up (e.g. from a power failure) I >> wanted all my VMs to auto-start, and to start in the correct order. I >> can't use the ovirt power management utilities because it's only a >> single >> host. So I wrote a relatively small script around ovirt-shell that >> would >> do the following: >> >> 1) Wait for the engine to respond >> 2) Wait for the storage to come online >> 3) Start my VMs, with appropriate order and delay between >>(e.g., ensure my DNS server and KDC come up before other VMs) >> >> I know that SOME of these features are now in Ovirt (and I think they >> are >> even in 4.4), but my understanding is that they only return the system >> to >> previous state and wont auto-start a VM that was cleanly shut down. >> Also >> the ordering is, IIUC, somewhat course (low/medium/high). >> >> At this point I plan to delay my deployment of 4.4 or beyond because >> what >> I have in 4.3 is working (still), and frankly I have no interest in >> learning Ansible or Python just to replace what should be a relatively >> simple script. >> >> I honestly find it very sad that the developers wont up-port >> ovirt-client >> to SDK4. If SDK4 is "so good" vs SDK3 then I don't see why it would be >> hard to do that. And if it IS that hard to do, then how do they expect >> us >> to use it? >> >> Maybe I will find some time to play with OV4.4 on a test system in order >> to play with the auto-start features. In my copious amounts of free >> time. :( >> >> Thanks, >> >> -derek >> >> -- >>Derek Atkins 617-623-3745 >>de...@ihtfp.com www.ihtfp.com >>Computer and Internet Security Consultant >> >> > > -- > LesCDN <http://lescdn.com> > engont...@lescdn.com > > *Aux hommes il faut un chef, et au* > > * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on te > voit on te juge!* > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/F3F7KHR7OOUDQSKZEQX5553MAUKMLFAV/
[ovirt-users] Re: Ovirt API and CLI
Eugene, On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote: > Yes Ansible ovirt_vms module is useful, I use it for > provisioning/deployment, but once my VM created, I'd like to > administrate/interact with them, I don't think I should write playbooks > for > that. > > But I'll find a solution. I am in a similar boat as you. I wrote some management scripts around ovirt-shell when I first started using ovirt (4.0), in order to mimic some vmware-server features that I needed. I run a single-host hosted-engine environment, so when the system boots up (e.g. from a power failure) I wanted all my VMs to auto-start, and to start in the correct order. I can't use the ovirt power management utilities because it's only a single host. So I wrote a relatively small script around ovirt-shell that would do the following: 1) Wait for the engine to respond 2) Wait for the storage to come online 3) Start my VMs, with appropriate order and delay between (e.g., ensure my DNS server and KDC come up before other VMs) I know that SOME of these features are now in Ovirt (and I think they are even in 4.4), but my understanding is that they only return the system to previous state and wont auto-start a VM that was cleanly shut down. Also the ordering is, IIUC, somewhat course (low/medium/high). At this point I plan to delay my deployment of 4.4 or beyond because what I have in 4.3 is working (still), and frankly I have no interest in learning Ansible or Python just to replace what should be a relatively simple script. I honestly find it very sad that the developers wont up-port ovirt-client to SDK4. If SDK4 is "so good" vs SDK3 then I don't see why it would be hard to do that. And if it IS that hard to do, then how do they expect us to use it? Maybe I will find some time to play with OV4.4 on a test system in order to play with the auto-start features. In my copious amounts of free time. :( Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NAZWFWDINJIOVD4X57LUH26RVDQ2SVHK/
[ovirt-users] Re: Can't install virtio-win with EL7.7/Ovirt-4.3.8 -- rpm error
Thanks for the repair! -d Dominic Coulombe writes: > Confirmed as working. > > Thanks. > > On Thu, Feb 13, 2020 at 5:00 AM Cole Robinson wrote: > > Thanks for the cc Gal. Latest published virtio-win RPMs, 0.1.173-7, are > back to using xz compression now. Seems like the new compression got > picked up automatically by building on Fedora 31. > > Thanks, > Cole > > On 2/9/20 3:20 AM, Gal Zaidman wrote: > > Forwarding this to virtio-win developers and packagers. > > Notice that virtio-win is a package in Fedora/Centos/RHEL and it is not > > an "ovirt/RHV" package so ovirt doesn't package it. > > > > On Sun, Feb 9, 2020 at 4:59 AM > <mailto:eshwa...@gmail.com>> wrote: > > > > Same problem. Looks like the virtio rpm is now built with the new > > compression method, but rpm for EL7 hasn't been updated to support > it. > > ___ > > Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> > > To unsubscribe send an email to users-le...@ovirt.org > > <mailto:users-le...@ovirt.org> > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/5Q4AQYIVCAQY6JWFTNJWOHNXZPQD4IEI/ > > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/EUBGCDBSILOEAMS3XFQ43IZVE3OHYPNB/ > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/IWD3OBHCZQ24SX4RPRKJTZ5XKMGAK5FA/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HQP7TR3G5DNKXF6MOVI55AQXZG3CMZD6/
[ovirt-users] Can't install virtio-win with EL7.7/Ovirt-4.3.8 -- rpm error
Hi, I was trying to install the virtio-win package, but it gives an error: ERROR You need to update rpm to handle: rpmlib(PayloadIsZstd) <= 5.4.18-1 is needed by virtio-win-0.1.173-6.noarch Is this a known problem with current 4.3.x and EL7.7? -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OR47UVYR6DWQX6NFTGUFU5JOVJVFOWDO/
[ovirt-users] Re: Websocket-proxy not working after upgrade to 4.3
Hi, nico...@devels.es writes: > A little bit more info on it. I debugged the requests with Chrome and > seems that the webservice call is made with https://engine:6100 > (literally), instead of https://:6100. > > A snapshot is included in this mail. > > I don't know why is it trying to connect to this address, seems like a > missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3). > > How can I fix this problem? Did you set your webproxy URL in your engine configuration? E.g.: engine-config -s SpiceProxyDefault=http://:6100 -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UOH4IRE3OR2QV3RDAXBYBTXIJGM53VBH/
[ovirt-users] Re: [ANN] oVirt 4.3.8 is now generally available
Hi, On Thu, January 30, 2020 10:38 am, Sandro Bonazzola wrote: >> Quick question. My engine is currently running 4.3.6. My host is still >> at 4.1.x. I was planning (this weekend) to just yum upgrade the host >> system to bring it up to 4.3.x. >> >> Is it okay for the host to be at 4.3.8 while the engine is still at >> 4.3.6? Or must I upgrade the engine to 4.3.8 first? >> > > I would recommend to upgrade engine first, but host upgrade should work > fine being engine already at 4.3. Good to know. I'll see if I can find the time to upgrade the engine first. > I would recommend to use the engine for upgrading the hosts. It can use > the > cluster upgrade ansible role ( > https://github.com/oVirt/ovirt-ansible-cluster-upgrade/blob/master/README.md) > and save you some time. Can't do that -- this is a single-host self-hosted system, so there is no where to migrate the engine. So everything needs to be done manually. At least that is my understanding. And since this is a production system I'd rather spend more time and have it work than trying something and having it fail mid-way. As I'm already planning significant downtime to move the machines to a new location and re-rack them, the additional time to "yum upgrade" shouldn't be a problem. :) -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TEMY6MLPUGIAL7E36CE3L2AAY7ACCVNE/
[ovirt-users] Re: [ANN] oVirt 4.3.8 is now generally available
Hi, Sandro Bonazzola writes: > The oVirt Project is pleased to announce the general availability of oVirt > 4.3.8 as of January 27th, 2020. First, congrats on the release. Quick question. My engine is currently running 4.3.6. My host is still at 4.1.x. I was planning (this weekend) to just yum upgrade the host system to bring it up to 4.3.x. Is it okay for the host to be at 4.3.8 while the engine is still at 4.3.6? Or must I upgrade the engine to 4.3.8 first? Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KSQISM2VIMCPK6E2KC5BLPYMN6IES7QE/
[ovirt-users] Re: oVirt on a Single Server
You can set up a localhost NFS server to serve out the local storage. Just ensure you have enough RAM so you don't hit the potential NFS dead-locking problem. I've been running in this configuration for several years. I've got 256GB RAM on the host. Works great for me. -derek On Tue, January 21, 2020 3:05 am, Joseph Goldman wrote: > I dont think a bare-metal engine can be a compute node as well. > > On 2020-01-21 6:46 PM, Tony Brian Albers wrote: >> On Tue, 2020-01-21 at 07:35 +, webma...@hotmail.com wrote: >>> Hello, >>> >>> I can't seem to install the self-hosted engine onto local storage. It >>> gives me glustefs, iscsi, fc, and nfs as the available options. I'm >>> using this in a home-lab scenario, and don't have budget/etc. for >>> building out a dedicated NAS for it, or setting up multiple nodes. I >>> like the look of oVirt, and wanted to try it with a couple disposable >>> vm's (plex, and a docker instance I break often). My current best- >>> thought for how to make it work is to setup NFS on the server, and >>> then point the self-hosted engine at the (local) NFS share. Is there >>> a better way to do this that I might be overlooking?* >>> >>> *Factoring that I don't have the funds to build out a proper storage >>> environment, yet. >>> >>> (and if anyone asks, I did search for a solution to this, but didn't >>> find anything super helpful. Mostly I found 5+ year old articles on a >>> similar but different scenario). >>> >> Well, if you can live with a regular engine(not self-hosted), this >> works: >> >> https://www.ovirt.org/documentation/install-guide/chap-Installing_oVirt.html >> >> >> HTH >> >> /tony >> >> >> >> >> >> >> >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NT2D5DZWGFOM3MEZZNQ4K3QERITKGN2Y/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/VB3INTSWVRKGAZWAQKPKUHNHWIJCQU3S/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/STTLMFU3KUJMSR4AOV3PMUAFX23QW7AU/
[ovirt-users] What to do with old ovirt yum repos, and why are they kept around?
Hi, I just upgraded my engine from 4.1.9 to 4.2.8 to 4.3.x yesterday. One issue I hit along the way was a complaint about repos being listed more than once: Repository virtio-win-stable is listed more than once in the configuration Repository centos-sclo-rh-release is listed more than once in the configuration I also received errors like: http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found Trying other mirror. Even after I did a yum erase on ovirt-release40 (and ovirt-release41) I noticed that the 4.0 and 4.1 yum repositories (and dependencies) configurations were left in /etc/yum.repos.d/. Is there a reason these files are not removed when the associated release packages are removed? Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TBSFHBNMJKULFN3PG6XRHPUFP3HQZ6SI/
[ovirt-users] Problem upgrading from 4.1.9 to 4.2.8 -- vmconsole SElinux issue
Hi, I spent yesterday trying to upgrade my self-hosted, single-host, ovirt engine from EL7.4/OV4.1.9 to EL7.7/OV4.3.x with a step at EL7.6/OV4.2.8. Unfortunately that first step was extremely problematic. Specifically, I kept hitting an issue where the installation ofovirt-vmconsole would error out with a "non-fatal POSTUN scriptlet failure", which of course is considered fatal: 2019-10-27 10:42:18,436-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum packager.verbose:76 Yum Done: ovirt-vmconsole 2019-10-27 10:42:18,504-0400 ERROR otopi.plugins.otopi.packagers.yumpackager yum packager.error:85 Yum Non-fatal POSTUN scriptlet failure in rpm package ovirt-vm console-1.0.4-1.el7.centos.noarch 2019-10-27 10:42:18,505-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum packager.verbose:76 Yum Done: ovirt-vmconsole-1.0.4-1.el7.centos.noarch 2019-10-27 10:42:18,605-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum packager.verbose:76 Yum Script sink: D: --- h# 747 ovirt-vmconsole-1.0.4-1 .el7.centos.noarch This appears to be https://bugzilla.redhat.com/show_bug.cgi?id=1665197 which is closed as being fixed in 4.3.1, but that *STILL* doesn't help when trying to upgrade the engine from 4.1. to 4.2. It should have been fixed for 4.2.8 (or push a 4.2.9 with the fix). After googling around, I was able to work around this bug by moving semodule out of the way: mv /usr/sbin/semodule{,-bak} ln -fs /bin/true /usr/sbin/semodule and then running the update (I reverted after the update). I don't *like* this solution, but it got it working. I'll note that I have SELinux set to "enforcing", and I started with EL7.2/OV4.0 and have upgraded a few times. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/UX35CRE62PC5RDNZULLGNRJDR4TXIXTP/
[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available
jvdw...@xs4all.nl writes: >> Yes, it's still available. It will be dropped in 4.4. > > OK, good to know, time to polish up my ansible or start writing api scripts. > > Now that 4.4 popped up, how is that going? > I looked a bit at the Gerrit yesterday and right now and see that el8 > builds are being done now, great work! Yeah. I've got a startup script that I use to start all my VMs (see below). I'll need to figure out how to migrate that script to SDK4. It really sucks that there's no SDK4 version of ovirt-shell. I suspect my script will expand by an order of magnitude, and everyone who has written a script around ovirt-shell will have to duplicate effort. I know there is a feature for the engine to autostart VMs (which I believe will be in 4.4), but AFAIK it doesn't do ordering. I need at least one specific VM to start up before everything else. Thanks, -derek #!/bin/bash [ -f /etc/sysconfig/vm_list ] || exit 0 . /etc/sysconfig/vm_list echo -n "Starting at " date # Wait for the engine to respond while [ `ovirt-shell -I -c -F -T 50 -E ping 2>/dev/null | grep -c success` != 1 ] do echo "Not ready... Sleeping..." sleep 60 done # Now wait for the storage domain to appear active echo -n "Engine up. Searching for disks at " date total_disks=`ovirt-shell -I -c -E summary | grep storage_domains-total | sed -e 's/.*: //'` # subtract one because we know we're not using the image-repository total_disks=`expr $total_disks - 1` active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | sed -e 's/.*: //'` while [ $active_disks -lt $total_disks ] do echo "Storage Domains not active yet. Only found $active_disks/$total_disks. Waiting..." sleep 60 active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | sed -e 's/.*: //'` done # Now start all of the VMs in the requested order. echo -n "All storage mounted. Starting VMs at " date for vm in "${vm_list[@]}" do timeout=${vm_timeout[$vm]:-$default_timeout} ovirt-shell -I -c -E "action vm $vm start" sleep "$timeout" done -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NS4VMN66G6K3WH2ROGSEBTQDEAMZB5DQ/
[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available
On Fri, September 27, 2019 11:46 am, Sandro Bonazzola wrote: [nsip] >> I'm curious what the steps should be going from 4.1.9 / EL7.4 to 4.3.x / >> EL7.7? I am pretty sure I need some steps along the way (I doubt I can >> jump directly from 4.1.9 -> 4.3.x and 7.4 -> 7.7, right). >> >> So should I jump from 7.4/4.1.9 to 7.6/4.2.8 and then from there to >> 7.7/4.3.6? >> > > 4.1 cluster level is still supported by 4.3 engine. > So you can upgrade the engine from 7.4/4.1.9 to 7.6/4.2.8 and then to > 7.7/4.3.6 while on the host side you can go straight to 4.3.6/7.7. > Once done, please update cluster level to 4.3. Excellent, I can do that. I just need to ensure that the cluster settings fully upgraded from 4.0 to 4.1. One final question: I know that ovirt-shell is deprecated, but is it still available in 4.3.x? Thanks for all your support! -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FDURRMTSB2IGUGIQPQHRXQCJT7PGDDEB/
[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available
HI, On Fri, September 27, 2019 7:23 am, Sandro Bonazzola wrote: > Il giorno ven 27 set 2019 alle ore 12:55 Derek Atkins ha > scritto: > >> > >> > Please use the engine to upgrade hosts, there's a command in webadmin >> > interface for that. >> >> I didn't think you could do this in a single-host hosted-engine system? >> In such a deployment the engine has nowhere to migrate to, so it >> requires >> shutting down the whole "data center" in order to upgrade the host. I >> didn't think that could be done via the engine? >> >> Personally, I still need to upgrade from 4.1.9 / CentOS 7.4! >> > > Single host self hosted engine will require more work. > You'll need to put the host in global maintenance, turn off the engine, > yum > upgrade the host and reboot. > Then get out of global maintenance and engine VM should get back up and > running in a few minutes. Yeah, this is how I've done it in the past. I'm curious what the steps should be going from 4.1.9 / EL7.4 to 4.3.x / EL7.7? I am pretty sure I need some steps along the way (I doubt I can jump directly from 4.1.9 -> 4.3.x and 7.4 -> 7.7, right). So should I jump from 7.4/4.1.9 to 7.6/4.2.8 and then from there to 7.7/4.3.6? Thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RCQYRXCAH3BX5VIXFASDI432UNIXVEJ4/
[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available
On Fri, September 27, 2019 6:41 am, Sandro Bonazzola wrote: [snip] >> hosts >> 6) put into maintenance >> 7) simply yum update that will update CentOS packages + oVirt ones (vdsm >> and such..) >> > > Please use the engine to upgrade hosts, there's a command in webadmin > interface for that. I didn't think you could do this in a single-host hosted-engine system? In such a deployment the engine has nowhere to migrate to, so it requires shutting down the whole "data center" in order to upgrade the host. I didn't think that could be done via the engine? Personally, I still need to upgrade from 4.1.9 / CentOS 7.4! > It's *a bit* outdated, but still valid: > https://ovirt.org/documentation/upgrade-guide/upgrade-guide.html -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/A6MYNHANZ3IN5WDACOTFMK7ZHNCW7D6R/
[ovirt-users] Re: Changing ISO domains
If you push down a level or two you'll see your .iso files. I just scp them directly in. -derek On Tue, September 17, 2019 10:52 am, Mark Steele wrote: > Additional information: > > The directory for the domain appear to have been created properly so I am > not clear on why the upload from the ovirt engine is failing: > drwxr-xr-x. 3 36 36 88 Sep 17 10:40 . > drwxr-xr-x. 5 36 36 126 Oct 17 2018 .. > drwxr-xr-x. 4 36 36 46 Sep 17 10:40 bdd2a547-dde9-4248-b2de-ae67063da8e4 > -rwxr-xr-x. 1 36 36 0 Sep 17 10:50 __DIRECT_IO_TEST__ > [root@phl-tevestore-01 iso-store]# > > *** > *Mark Steele* > CIO / VP Technical Operations | TelVue Corporation > TelVue - We Share Your Vision > 16000 Horizon Way, Suite 100 | Mt. Laurel, NJ 08054 > 800.885.8886 x128 | mste...@telvue.com | http://www.telvue.com > twitter: http://twitter.com/telvue | facebook: > https://www.facebook.com/telvue > > > On Tue, Sep 17, 2019 at 10:46 AM Mark Steele wrote: > >> I was not using the uploader - I have the new domain active and attached >> now. >> >> I am attempting to upload the iso using the following command: >> >> engine-iso-uploader --iso-domain=phl-iso-03 upload >> ./windows-server-2012.iso >> >> Unfortunately I keep getting this error: >> >> Uploading, please wait... >> ERROR: mount.nfs: Connection timed out >> >> >> >> *** >> *Mark Steele* >> CIO / VP Technical Operations | TelVue Corporation >> TelVue - We Share Your Vision >> 16000 Horizon Way, Suite 100 | Mt. Laurel, NJ 08054 >> 800.885.8886 x128 | mste...@telvue.com | http://www.telvue.com >> twitter: http://twitter.com/telvue | facebook: >> https://www.facebook.com/telvue >> >> >> On Tue, Sep 17, 2019 at 10:39 AM Staniforth, Paul < >> p.stanifo...@leedsbeckett.ac.uk> wrote: >> >>> Did you have the correct ownership/permissions ? >>> >>> Regards, >>> Paul S. >>> >>> >>> From: Derek Atkins >>> Sent: 17 September 2019 15:06 >>> To: Mark Steele >>> Cc: users >>> Subject: [ovirt-users] Re: Changing ISO domains >>> >>> On Tue, September 17, 2019 9:58 am, Mark Steele wrote: >>> > I think I see the issue now - the ISO domain is attached properly - >>> > however >>> > I was simply copying ISO files into that directory - I think I have >>> to >>> use >>> > a tool to upload the ISO's - is that correct? >>> >>> At least in 4.1.9, oVirt re-scans the ISO domain for new files, so you >>> should be able to scp your .iso file directly into the domain and have >>> it >>> appear in the engine after some re-scan period. I.e., at least >>> historically there was no hard-and-fast requirement to upload an ISO >>> image >>> through an ovirt interface. >>> >>> That may have changed in 4.2 and/or 4.3, but I hope not. >>> >>> -derek >>> >>> -- >>>Derek Atkins 617-623-3745 >>>de...@ihtfp.com >>> https://eur02.safelinks.protection.outlook.com/?url=www.ihtfp.comdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770242199sdata=sjTxgTWmn2nhmsuPMaTtUg3nEKcSFhDpRnqQf9PFbF0%3Dreserved=0 >>>Computer and Internet Security Consultant >>> ___ >>> Users mailing list -- users@ovirt.org >>> To unsubscribe send an email to users-le...@ovirt.org >>> Privacy Statement: >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fsite%2Fprivacy-policy%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770242199sdata=T6kCaN%2Foox64IhYOAtROtjTPYRd9yrhFKAIj%2F12caAk%3Dreserved=0 >>> oVirt Code of Conduct: >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770252196sdata=Svqw%2FGZS%2Bg6DEp9TlVdpbgijdpUsEWuQAmZry61Q3mw%3Dreserved=0 >>> List Archives: >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FMDR7NCR4HLIYRRFRUITKE2NFL2YLHZKS%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fb
[ovirt-users] Re: Changing ISO domains
On Tue, September 17, 2019 9:58 am, Mark Steele wrote: > I think I see the issue now - the ISO domain is attached properly - > however > I was simply copying ISO files into that directory - I think I have to use > a tool to upload the ISO's - is that correct? At least in 4.1.9, oVirt re-scans the ISO domain for new files, so you should be able to scp your .iso file directly into the domain and have it appear in the engine after some re-scan period. I.e., at least historically there was no hard-and-fast requirement to upload an ISO image through an ovirt interface. That may have changed in 4.2 and/or 4.3, but I hope not. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MDR7NCR4HLIYRRFRUITKE2NFL2YLHZKS/
[ovirt-users] Re: Adding VLANs to a single-host, self-hosted-engine oVirt deployment?
Hi, On Fri, August 16, 2019 1:49 pm, Vincent Royer wrote: > Definitely upgrade to 4.3.5, do this first. If you can afford to just > image it and start over, do that. Does 4.3 still support ovirt-shell? I cannot re-image, I need to upgrade. That only means I need to do it in two steps, 4.1 -> 4.2 -> 4.3. > As long as your switch ports are configured correctly, adding vlans is > simple. I don't put anything in maintenance to do it. I have a bonded NIC (2x1Gbps); I presume I just need to tell the switch that this is a vlan trunk? > Just go to networks -> New > > [image: image.png] > > Check the "enable VLAN tagging" and enter your vlan. You don't really > need > to change anything else. Do I need to edit ovirtmgmt and enable vlan tagging too? > [image: image.png] > > Now you have a logical network and a Vnic profile for this vlan: > > [image: image.png] > > [image: image.png] > > > Now you need to tell Ovirt what physical NIC you want this to operate on. > Go to your host and select "Setup Host Networks" > > Drag the new network onto the NIC or bond you want to use: So there's nothing special I need to set up on the host? I just need to add the new virtual networks to the existing bond/interface? > > > [image: image.png] > > [image: image.png] > > > > You can click the pencil and have this interface get an IP address if you > want, but, you don't need to - your vms will get IPs. So you can leave > this > all alone in here: This would be a host address on the VLAN? If so, I agree -- I don't think most VLANs will need that. > [image: image.png] > > Now when you are creating a VM, you can attach this Vnic profile. You > could also add the Vnic to an existing VM. > > [image: image.png] > > And that's it. If you have the VM configured to DHCP, and you have a dhcp > server listening on that Vlan, it will work. If your VM doesn't get an > IP, > check your router's DHCP logs to see if it hears anything from the Mac > address of your VM's nic. If you also have a DNS resolver that adds DHCP > entries, and your VM has a hostname configured in cloud-init, you'll even > be able to resolve the FQDN to your VM immediately. Yeah, pretty much all VMs are DHCP. Thanks. I'll try this out. I still have at least 1-2 months before I can even entertain migrating, and it could be as long as 3-4 months. So I have time to think and plan. > Hope this helps! Indeed. Major open question right now is ovirt-shell ;) -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/F4MS7MKSFPZMUT7QLTT7LLNTS5FU5I4E/
[ovirt-users] Adding VLANs to a single-host, self-hosted-engine oVirt deployment?
HI, I've got a single oVirt host running a self-contained hosted-engine deployment. When I set it up I did not use VLANs in my network. I am in the process of moving my equipment, and in part of this move I would like to introduce VLANs into my network infrastructure. The documentation seems to imply that to add virtual networks and/or VLANs to a host that I need to put it into maintenance mode, configure it in the engine, and then resync the network. However, I don't think I can do that with a single-host environment. If I put the host into local maint mode, it will try to offload all my VMs, including the engine, which obviously it cannot do because there is no other host to migrate them to. So what's the approach to add VLANs in this situation? I should add that this system started at 4.0, and I'm still only running 4.1 (although I do plan to upgrade to 4.2 as part of this move). I'm hesitant to upgrade further because of the impending removal of SDK-3 -- I am depending on a script that uses ovirt-shell which I keep being told is going away. If ovirt-shell is still in 4.3 then I might consider upgrading to that as well. :) Thanks. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3KR6PJE2XHNISXCJXG3GNADXEHWHWEXI/
[ovirt-users] Re: no network interface
HI, Are you installing this as a node, or are you using CentOS and then hosted-engine --deploy? -derek On Thu, August 1, 2019 2:59 pm, A S wrote: > Hi. I had ovirt running with a VM but it suddenly broke. I wiped it all > and did a reinstall but now I am not able to connect my host to the > network. the host is always saying status='unassigned'. in the network > page where I would drag and drop a connection, there is no interface to > connect to. its this page > https://ovirt.org/images/wiki/SetupNetworksNew.png?1478101462 > but there is nothing in the interfaces column on the left > Can anyone point me in the right direction to fix this? Thanks > I have only one machine with the engine and host on it. > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/DFXV5N6MHDYGTROLBVCXNK6ILM5ASEIH/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TA5O4NGAC5PRI6WBLWD6YJ3SI2FMTPCD/
[ovirt-users] Re: major network changes
Hi, carl langlois writes: > Strahil, not sure what to put for the --cacert. > > Yes Derek your are right at one point the port 8702 stop listening. > > tcp6 0 0 127.0.0.1:8702 :::* LISTEN > 1607/ovirt-engine Can you try running 'lsof' to figure out what application has that port open? Then you can figure out why it's dying. > After some time the line above disappear. I am trying to figure why this port > is being close after some time when the engine is running on the host on the > 248.x network. On the 236.x network this port is kept alive all the time. > If you have any hint on why this port is closing do not hesitate because i am > starting to be out of ideas. :-) > > Thanks & Regards > > Carl -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PH5NE5FKZXSQKTDCBVJLAQHYTJ2VZWH5/
[ovirt-users] Re: major network changes
Hi, carl langlois writes: > If i try to access http://ovengine/ovirt-engine/services/health > i always get "Service Unavailable" in the browser and each time i it reload in > the browser i get in the error_log > > [proxy_ajp:error] [pid 1868] [client 10.8.1.76:63512] AH00896: failed to make > connection to backend: 127.0.0.1 > [Tue Jul 23 14:04:10.074023 2019] [proxy:error] [pid 1416] (111)Connection > refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed Sounds like a service isn't running on port 8702. > Thanks & Regards > > Carl -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QMW4OB7AIVE2YYU2OYIGZPVW5F4VTLLK/
[ovirt-users] Re: major network changes
> >> >>> >> >> > >> >>> >> Also if i try to do ovs-vsctl list . The list command >> require >> a Table name. Not sure what table to use? >> > >> >>> >> >> > >> >>> >> Regards >> > >> >>> >> Carl >> > >> >>> >> >> > >> >>> >> >> > >> >>> >> >> > >> >>> >> On Wed, Jul 17, 2019 at 4:21 AM Miguel Duarte de Mora >> Barroso < >> mdbarr...@redhat.com> wrote: >> > >> >>> >>> >> > >> >>> >>> On Tue, Jul 16, 2019 at 8:48 PM carl langlois < >> crl.langl...@gmail.com> wrote: >> > >> >>> >>> > >> > >> >>> >>> > Hi >> > >> >>> >>> > >> > >> >>> >>> > We are in a process of changing our network connection. >> Our >> current network is using 10.8.256.x and we will change to 10.16.248.x. >> We >> have a HA ovirt cluster (around 10 nodes) currently configure on the >> 10.8.256.x. So my question is is it possible to relocate the ovirt >> cluster >> to the 10.16.248.x. We have tried to move everything to the new network >> without success. All the node seem to boot up properly, our gluster >> storage >> also work properly. >> > >> >>> >>> > When we try to start the hosted-engine it goes up but >> fail >> the liveliness check. We have notice in the >> /var/log/openvswitch/ovn-controller.log that he is triying to connect to >> the hold ip address of the hosted-engine vm. >> > >> >>> >>> > 019-07-16T18:41:29.483Z|01992|reconnect|INFO|ssl: >> 10.8.236.244:6642: waiting 8 seconds before reconnect >> > >> >>> >>> > 2019-07-16T18:41:37.489Z|01993|reconnect|INFO|ssl: >> 10.8.236.244:6642: connecting... >> > >> >>> >>> > 2019-07-16T18:41:45.497Z|01994|reconnect|INFO|ssl: >> 10.8.236.244:6642: connection attempt timed out >> > >> >>> >>> > >> > >> >>> >>> > So my question is were is the 10.8.236.244 come from. >> > >> >>> >>> >> > >> >>> >>> Looks like the ovn controllers were not updated during the >> network change. >> > >> >>> >>> >> > >> >>> >>> The wrong IP is configured within openvswitch, you can see >> it >> in the >> > >> >>> >>> (offending) nodes through "ovs-vsctl list . ". It'll be a >> key >> in the >> > >> >>> >>> 'external_ids' column called 'ovn-remote' . >> > >> >>> >>> >> > >> >>> >>> This is not the solution, but a work-around; you could try >> to >> > >> >>> >>> configure the ovn controllers via: >> > >> >>> >>> vdsm-tool ovn-config > management network> >> > >> >>> >>> >> > >> >>> >>> Despite the provided work-around, I really think the hosted >> engine >> > >> >>> >>> should have triggered the ansible role that in turn >> triggers >> this >> > >> >>> >>> reconfiguration. >> > >> >>> >>> >> > >> >>> >>> Would you open a bug with this information ? >> > >> >>> >>> >> > >> >>> >>> >> > >> >>> >>> > >> > >> >>> >>> > The routing table for one of our host look like this >> > >> >>> >>> > >> > >> >>> >>> > estination Gateway Genmask Flags >> Metric >> RefUse Iface >> > >> >>> >>> > default gateway 0.0.0.0 UG0 >> 00 ovirtmgmt >> > >> >>> >>> > 10.16.248.0 0.0.0.0 255.255.255.0 U 0 >> 00 ovirtmgmt >> > >> >>> >>> > link-local 0.0.0.0 255.255.0.0 U >> 1002 >> 00 eno1 >> > >> >>> >>> > link-local 0.0.0.0 255.255.0.0 U >> 1003 >> 00 eno2 >> > >> >>> >>> > link-local 0.0.0.0 255.255.0.0 U >> 1025 >> 00 ovirtmgmt >> > >> >>> >>> > >> > >> >>> >>> > Any help would be really appreciated. >> > >> >>> >>> > >> > >> >>> >>> > Regards >> > >> >>> >>> > Carl >> > >> >>> >>> > >> > >> >>> >>> > >> > >> >>> >>> > >> > >> >>> >>> > >> > >> >>> >>> > ___ >> > >> >>> >>> > Users mailing list -- users@ovirt.org >> > >> >>> >>> > To unsubscribe send an email to users-le...@ovirt.org >> > >> >>> >>> > Privacy Statement: >> https://www.ovirt.org/site/privacy-policy/ >> > >> >>> >>> > oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> > >> >>> >>> > List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DBQUWEPPDK2JDFU4HOGNURK7AB3FDINC/ >> > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/UB72PHIP2FO3EC3M3NRKDGOL6SA3MAE5/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/N4F3Q6CVPZWBMGLHDMVCZHMYN5KLDM4E/
[ovirt-users] Re: assign vm traffic to a physical NIC and Storage traffic to another NIC
Hi, "Erick Perez" writes: > Hi, > fresh install > I have created a network called "storage" and another called "vms" and > both have vlan 102 tag. Only the "vms" network have the check on "vm > network". Why are you using the same VLAN on both networks? That's probably not a good idea. > then on Compute---Hosts---hvm001---setup_host_network > physical nic enp3s0f0 has ovirtmgmt and vms networks defined > physical nic enp3s0f1 has storage network defined > > Question is how do I tell ovirt that I want the STORAGE traffic to use > enp3s0f1 ? > I am using NFS data domains and I cannot find a place to tell the > network/physical nic my NFS traffic should use. I think that is going to be via IP-based routing of your NFS traffic using the IP range on your 'storage' network. You DO have different network blocks on your different lans/vlans, right? > thanks, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SMRSVKBWAOKO2AYWXILMFMY6OYEYMZB6/
[ovirt-users] Re: Virtual office, how?
Hi, andres.b@gmail.com writes: > I'm trying to be able to create different virtual LANs, where, for > example, I have 2 groups of pcs > > A and B belongs to network N1 > C and D belongs to network N2 > > N1 and N2 with his own public IP. For example > A: Local ip: 192.168.122.100 > > B: Local ip: 192.168.122.101 > > C: Local ip: 192.168.122.102 > > D: Local ip: 192.168.122.103 You've got a few problems here. First, if you have two networks, N1, and N2, you probably DO NOT want the same IP Network (192.168.122) on both N1 and N2. So for your sanity, if A and B are on N1 and C and D are on N2, you might want to use: A: 192.168.10.100 B: 192.168.10.101 C: 192.168.20.100 D: 192.168.20.101 > Where A and B has the same public ip, and C and D has the same public ip. I'm confused by this. What do you mean "has the same public ip"? None of the IPs here are public, they are all RFC1918 (private network) IPs. Do you mean that you've got a router, somewhere, that have a reverse NAT that will translate externally from some public addresses to these private addresses? Also, you will need that reverse NAT to be smart about how it routes. Specifically, once you have an active connection to A or B, it will need to ensure that the connection continues to the same (A or B) target. > Now, I want that A can ssh on B, but not on C or D. The same goes for > C, where C can access to D via ssh but not to A or B I'm not sure I understand what this means. What do you mean by "A can ssh on B"? This is probably a language issue. I think you mean that A and B can ssh to each other but can't reach C or D, and C and D can ssh to each other but can't reach A or B. If you renumber as above then you can do that by not routing between 192.168.10.0/24 and 192.168.20.0/24. However in your original configuration where all four hosts are on the same 192.168.122.0/24 network, there is no way (at the network level) to prevent A and B from talking with C and D. > I'm not sure if OVS solve this problem or not, or if this is not possible. > > Is this possible? How? You can do this with OVS, or even with basic networking, but you will need to create actual separate networks. Good Luck, -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LQVJAXSTSU3UXJHAAUXSN2FY2FBHNG47/
[ovirt-users] Re: oVirt Open Source Backup solution?
Jorick Astrego writes: > Maybe split it in 2 disks? One OS and one APP/DATA? You can then backup > only one. > > I prefer to do this anyway as I then can just redeploy the OS and attach > the second disk to get things back up and running. Are you suggesting that /etc and /var should go onto their own disks? There is lots of configuration in /etc (which is usually in the root disk) that needs to be backed up. Also, different apps store configuration and data in different places, so saying "just put it on a second disk" can be hard. Sure, it works fine for /home -- but mysql? imapd? ... -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WCKEURYZBKGWW5HFECF7OMLBCONFXRKZ/
[ovirt-users] Re: deprecating export domain?
Hi, "Andreas Elvers" writes: > Maybe I overlooked the information, but in recent RHVE 4.3 docs the > information how to use the export storage domain have been removed and > there is no alternative to do so, but to detach a data domain and > attach it somewhere else. But how can I move my VMs one by one to a > new storage domain on a different datacenter without completely > detaching the original storage domain? I was under the impression that you just needed a regular (second) data domain in lieu of the (deprecated) export domain. So you attach a new data domain, then migrate the VM over to it, then you can detach the data domain and attach it to another datacenter. > I don't want to bring down all of my VMs on the old storage domain for > import. I want to export and import them one by one. When all VMs are > moved to the new data center only then I want to decommission > the old data center. > > What is the rationale to deprecate the export storage and already > remove documentation when there seems to be no alternative available? IANAD, but I believe the rationale was that there was no need for a "special case" domain. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BYRVO6MDVVLLT6TIPFDYZMRGNDDMC7FA/
[ovirt-users] Re: oVirt Open Source Backup solution?
Strahil Nikolov writes: > In such case , > you use the same approach for the VM in whole - lock + snapshot on oVirt + > unlock. > This way you keep OS + app backup in one place , which has it's own Pluses and > Minuses. Sure But the minus being it requires SIGNIFICANTLY more space. I've got over a dozen VMs, all running the same (pretty much) OS. If I based up the VM Snaphot there would be 12x space usage for OS files that I don't need to backup because I can recreate those from the initial repositories. Of course, this is at the expense of more time to restore from the backup. YMMV. > Best Regards, > Strahil Nikolov -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/X3VEPWIQVOM5PCFPL56PZN4RRKBNYXBV/
[ovirt-users] Re: oVirt Open Source Backup solution?
Hi, I am sorry I was unclear. Of course the long operation happens with the DB unlocked. Once the LVM snapshot is created (from within the locked environment), the lock is of course released and the backup proceeds from a db-unlocked environment. I apologize for my lack of clarity with "and then I backup off the snapshot" not making that clear. -derek On Tue, May 14, 2019 6:20 am, Strahil wrote: > Derek, > > That's risky. > Just read lock the DB, create the lvm snapshot and release the lock. > Otherwise you risk a transaction to be interrupted. > > Best Regards, > Strahil NikolovOn May 13, 2019 16:47, Derek Atkins > wrote: >> >> Strahil writes: >> >> > Another option is to create a snapshot, backup the snapahot and merge >> > the disks (delete the snapshot actually). >> > Sadly that option doesn't work with Databases, as you might inyerrupt >> > a transaction and leave the DB in inconsistent state. >> >> Yet another reason to do it from inside the VM. >> >> What I do (on systems that have a running database) is to run a "flush" >> operation to sync the database to disk, and then from within the flush >> operation I create an LVM snapshot, and then I backup off the snapshot. >> If I'm not running a database, then I just create the snapshot directly. >> >> > Best Regards, >> > Strahil Nikolov >> >> -derek >> -- >> Derek Atkins 617-623-3745 >> de...@ihtfp.com www.ihtfp.com >> Computer and Internet Security Consultant >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JS6YVB3S33VYLPEQTUE3UJVZOBBO5W7H/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3LQMSRLUHRBXNLGUHAIHZNEES7WWDHMJ/
[ovirt-users] Re: New to OVirt
Hi, When I installed oVirt (on CentOS 7.2 using 4.0.x in October 2016) I used the following sets of instructions: https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/self-hosted-engine-guide/chapter-2-deploying-self-hosted-engine http://www.ovirt.org/documentation/how-to/hosted-engine/#fresh-install I did take a few trials to get it right. I made sure I had CentOS fully installed, set up my local file systems, NFS (for storage domains), permissions, networking, etc. Then I installed and did the hosted-engine --deploy Then in the hosted engine VM I also installed CentOS manually and installed the hosted engine itself. It did take me a while to get it all right. I did need to run hosted-engine-cleanup.sh at least once. :) But it's been very solid for almost 3 years now. I'm due for another upgrade soon. -derek Slobodan Stevanovic writes: > I am currently at the point that I am thinking on giving up and start playing > more with Proxmox. > > Do you guys have any suggestion on what instructions I should use? I just want > to setup something to get a better idea on how everything works before I go to > more advance things. > > Currently, downloading Ovirt Node from > https://www.ovirt.org/download/node.html and running Cockpit does not work > form me. > > On Friday, May 10, 2019, 7:54:39 PM PDT, wrote: > > I'm glad to hear i'm in the minority! I had the worst luck with struggling to > get it loaded, then once it was loaded, I ran great, until it didn't, and have > to wait and wait for it to load while the host rebooted and trying to figure > out why it wasn't coming up just drove me crazy. Although I ran it on 3 nodes > so I had to track down where it migrated too. > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/P4VQHNED55IT55QRBW5WVEF5LSYZCLS5/ > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/XE6RJ7ZEGZQM2YREIYXZO63YYD2GOHVX/ > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PEUEBQAGOO323ODAMF4KSPYILAUUDAP3/
[ovirt-users] Re: oVirt Open Source Backup solution?
Strahil writes: > Another option is to create a snapshot, backup the snapahot and merge > the disks (delete the snapshot actually). > Sadly that option doesn't work with Databases, as you might inyerrupt > a transaction and leave the DB in inconsistent state. Yet another reason to do it from inside the VM. What I do (on systems that have a running database) is to run a "flush" operation to sync the database to disk, and then from within the flush operation I create an LVM snapshot, and then I backup off the snapshot. If I'm not running a database, then I just create the snapshot directly. > Best Regards, > Strahil Nikolov -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JS6YVB3S33VYLPEQTUE3UJVZOBBO5W7H/
[ovirt-users] Re: New to OVirt
The only issue I've had is that it can take 15 minutes before the HE starts... And I have to ensure the host is taken out of maintenance mode manually. Beyond that, it has recovered from many updates, reboots, and power hits without intervention. -derek Sent using my mobile device. Please excuse any typos. On May 10, 2019 9:16:02 PM Dmitry Filonov wrote: I have used both hosted and standalone engine and can tell that so far I had more issues with hosted engine than with standalone one. Not like huge issues, but something like you put host in to global HA maintenance, then update hosted engine, reboot and... and it doesn't start. Not a big deal, but for a new user it might be a bit confusing. So am with Michael, if you just starting using oVirt then it's better to have standalone engine et first. And then migrate it over into hosted environment when you are comfortable to do so. Fil -- Dmitry Filonov Linux Administrator SBGrid Core | Harvard Medical School 250 Longwood Ave, SGM-114 Boston, MA 02115 On Fri, May 10, 2019 at 9:00 PM Vincent Royer wrote: Disagree, I've had some pretty significant meltdowns and if you cant access hosted engine, go have drink and try again... It comes up. It's ability to self-repair and find a scrap of a host to run on is pretty impressive. On Fri, May 10, 2019, 2:18 PM Derek Atkins wrote: I've been running hosted engine on a single host for a few years now with no issue. I did redo my initial install several times but its been fine ever since. I started at 4.0.x and have gone through multiple OS and ovirt upgrades with few issues. -derek Sent using my mobile device. Please excuse any typos. On May 10, 2019 4:47:12 PM mich...@wanderingmad.com wrote: Honestly? don't do hosted engine deployment first. If you're just getting started with ovirt, you're going to waste weeks on getting hosted engine running, and then I guarantee once it's running, it's not going to come up when you need it most. Just load your single host, and then load the engine on a separate VM/Machine to manage it. I have the engine running on a separate machine so just in case there is a host issue, you can still access the engine to fix it. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7TAEQR6SZKQM2YBPCKBAEYFWF432QGAA/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TRJGHLOBJB2GQPW32FAXKSE6DWSUO5H5/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/I6AR5C276BXNNRZTBMU65ES5NGCON7J7/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PSXWMLPKDZBMYQS4HAT7WVCAB3GLZUJF/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MQZS7XR4OEDDPMKKA3HCHXNEW5LTXCBN/
[ovirt-users] Re: New to OVirt
I've been running hosted engine on a single host for a few years now with no issue. I did redo my initial install several times but its been fine ever since. I started at 4.0.x and have gone through multiple OS and ovirt upgrades with few issues. -derek Sent using my mobile device. Please excuse any typos. On May 10, 2019 4:47:12 PM mich...@wanderingmad.com wrote: Honestly? don't do hosted engine deployment first. If you're just getting started with ovirt, you're going to waste weeks on getting hosted engine running, and then I guarantee once it's running, it's not going to come up when you need it most. Just load your single host, and then load the engine on a separate VM/Machine to manage it. I have the engine running on a separate machine so just in case there is a host issue, you can still access the engine to fix it. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7TAEQR6SZKQM2YBPCKBAEYFWF432QGAA/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TRJGHLOBJB2GQPW32FAXKSE6DWSUO5H5/
[ovirt-users] Re: oVirt Open Source Backup solution?
Hi, Michael Blanchard writes: > If you haven't seen my other posts, I'm not a very experienced Linux admin, so > I'm trying to make it as easy as possible to run and maintain. It's hard > enough for me to not break ovirt in crazy ways This has nothing to do with ovirt. You could use rdiff-backup on any running machine, be it virtual or bare metal. It's just a way to use a combination of diff and rsync to backup machines. Indeed, I was using it with my vmware-based systems and, when I migrated them to ovirt, the backups just continued working. > Get Outlook for Android -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CBMHSCOBQ3MQHK2CFK6KYGBD2TSSOYAA/
[ovirt-users] Re: oVirt Open Source Backup solution?
mich...@wanderingmad.com writes: > Is there a good low to no-cost solution to backup oVirt and the > virtual machines? I've been unabel to find something that will do a > direct VM backup instead of a backup agent installed on VM I just use rdiff-backup inside my VMs. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z52SMCGN2SYDB2I2QLBYM5TZZL6HYPX7/
[ovirt-users] Re: How to replace vMware infrastructure with oVirt
Hi, "Mannish Kumar" writes: > Hi, > > I have two Esxi hosts managed by VMware vCenter Server. I want to > create a similar infrastructure with oVirt. I know that oVirt is > similar to VMware vCenter Server but not sure what to replace the Esxi > hosts with in oVirt Environment. > > I am looking to build oVirt with Self-Hosted Engine.It would be great > help if someone could help me to build this. I migrated from the old vmware-server to oVirt a few years ago. I exported my VMs as OVA and then imported them into oVirt. Some of them imported immediately, some took several hours. But this was all with oVirt 4.0 and older versions of virt-v2v, so some of my issues may have been fixed. I would recommend you build a new oVirt infra first, migrate your VMs, and then, if you want, you can repurpose your existing hardware for additional nodes. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7KRVXC6O75VD56E7LYZD6GMS2M2OIIHL/
[ovirt-users] Re: Centos7.6
Sandro Bonazzola writes: > oVirt 4.2.7 is already compatible with CentOS 7.6. > I think that right now it's the best time to upgrade both oVirt and CentOS. Is it safe to upgrade straight from 4.1.9 on 7.4 to 4.2.7 on 7.6? -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/M5BKGNLWKKU2WXDIVGNNDBODUJXVRUTI/
[ovirt-users] Re: RAID L1/L5/L10 + NFS Loopback Benchmarks
Simone Tiraboschi writes: > On Wed, Nov 21, 2018 at 10:08 AM Andrei Verovski wrote: > > Hi ! > > Deadlock of NFS loopback happens with 3.10 stock kernel from CentOS 7.6 > only or also with 4.x mainline ? > > I use 4.x mainline on my nodes. > > AFAIK is still an open issue. > FWIW, I've been running with an NFS loopback and have never, in 3+ years, had an issue. On the other hand, I am very over-provisioned and under-subscribed on RAM, so it probably never really gets into a situation where it has to swap. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JDWIDN2YE7TL5IU4G3TCB2CVFMQU7AUE/
[ovirt-users] Re: Managing multiple oVirt installs?
Configure a single FreeIPA domain for all deployments? And maybe use oauth? (not sure if ovirt supports the latter, and it's unclear if the former works for your environment). But that's the only option I can think of to support multiple engines. -derek Sent using my mobile device. Please excuse any typos. On September 3, 2018 10:10:23 AM "femi adegoke" wrote: Lets say you have 10 clients & each client has a 3 node oVirt install. I would prefer to not login into 10 different HE portals. How can I log in once & manage all 10 instances of oVirt? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5COP2VHEFIMEY2RLKZRC6W3EIJO66Q6/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OF646S7W3BVFISXEMX6CYCO24VXYDMBR/
[ovirt-users] Re: ovirt selfhost error
Hi, mustafa.taha.m...@gmail.com writes: > when i use hosted-engine --vm-status > > this will appear [snip] Did you actually install and configure the hosted-engine VM? -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AFEIXOFOQVZ3GMY6A6Z7RLBWKMMQDEXZ/
[ovirt-users] Re: oVirt: single host install
Hi, Sahina Bose writes: > I'm running loopback NFS and I've not encountered any issues. I've been > running this way since 2016-10-22. I did not understand Gluster enough > and wasn't sure how I could make a "replica 1" -- everything seemed to > imply you *NEEDED* 3 gluster hosts. So I went with what I knew -- NFS. > > We did add support for single node gluster volume in 4.2 - see > https://www.ovirt.org/documentation/gluster-hyperconverged/chap-Single_node_hyperconverged/ Good to know, and thank you for the link. I started with 4.0, which explains why I did not go this route. I've upgraded along the way, but the upgrades wont let me easily change out the underlying storage mechanisms without fully reinstalling the HE. Still, next time I do a system refresh I'll definitely consider this. Thanks, -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DMFFYTGWYBOHNDIT3VVJRM3BBXTB6AFX/
[ovirt-users] Re: oVirt: single host install
Hi, Justin Zygmont <jzygm...@proofpoint.com> writes: >> This is true -- I have to bring everything down when I want to upgrade the >> system, especially the host itself. So I don't upgrade as often as I might >> if I had multiple hosts where I could migrate. >> >> How can you do it without a second host and importing with a temporary >> storage domain? > >>I just shut everything down. So long as it's planned my users can >handle a >>30-60 minute outage. And this is only when I update the >host. >>I can update the Engine on its own, and often will update my VMs >>>simultaneously to minimize downtime. But I'm okay with some >downtime. > > I see, so you just did an in place update of engine I guess, what if > you want to update the node as well, and install a new HE? You'd lose > the locally stored NFS domains. Or what if the engine update stuffs > up, there'd be no way to access the admin portal right? Yes, log into engine and run: yum update 'ovirt-*-setup' Then engine-setup. As for the host, I'm not using Node. It's just a regular CentOS system with the ovirt host software installed. I update it the normal way you'd update any other CentOS system: yum update I don't understand what you mean by "install a new HE"? If this is a single-host system, what do you mean by installing a new hosted engine? If you're asking about starting with one host and adding a second host, then that returns back to the previous statement that you'd have to migrate HE to a new (Gluster-based) storage system. If you stayed with NFS, then you "master host" could never go down or your HE would also go down (because its [NFS-based] storage would go away). You're right that if the Engine update breaks somehow then the admin portal would go away -- but I'm never updating systems through the portal. It's always via SSH (or worst case local console on the host). If the engine update breaks so much that even ssh wont work, then I'm definitely in trouble. That's what backups are for! :) -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
[ovirt-users] Re: Using remote viewer outside lan
Hi, Aziz <azizgst...@gmail.com> writes: > Hi all, > > I am able to access my VMs from LAN using remote Viewer, however this is not > working from outside LAN, my setup is as follow: > > 1. Controller in a separate HW machine > 2. Host in a server > > When checking the console.vv file, I see that it includes the local IP address > of the host + port 5900. Is there a way to force ovirt to generate a > console.vv file with public IP port when the user tries to connect from > Internet and another file with lan IP when the user tries to connect from LAN. > > Any hint on how to set this feature up ? I don't think you can set up a different IP based on the connection source. What I would recommend is setting up a web proxy on your ovirt host and then tell it to always use the proxy. Specifically, always use the public IP address. Of course, this assumes you can reach the public IP from inside your network. If you can't, then you might have a bigger issue. > Best regards -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
[ovirt-users] Re: oVirt: single host install
Hi, Justin Zygmont <jzygm...@proofpoint.com> writes: > -Original Message- > From: Derek Atkins [mailto:warl...@mit.edu] > Sent: Monday, May 21, 2018 8:33 AM > To: Simone Tiraboschi <stira...@redhat.com> > Cc: users <users@ovirt.org>; ov...@fateknollogee.com > Subject: [ovirt-users] Re: oVirt: single host install > > Hi, > > Simone Tiraboschi <stira...@redhat.com> writes: > >> On Mon, May 21, 2018 at 7:49 AM, <ov...@fateknollogee.com> wrote: >> >> Use case: small sites with a minimum number of vm's. >> >> Is there such a thing as a single host install? >> >> In the past we had the all-in-one mode but we deprecated it. >> Now the suggested mode is hosted-engine since you could expand it >> adding other hosts in the future. >> > > Sounds like "local storage" is useless then? IMHO, yes. When I installed (4.0) you could not use it for hosted-engine storage. Don't know if that changed, but what's the point of using different storage methods? I already had to set up a local NFS (pr theoretically Gluster) for HE -- so might as well re-use that for my main storage too! > I am running in this configuration and have had little problem. I migrated > from an old vmware-server platform, and, modulo a few hiccups along the way > and a few false starts as I was installing ovirt, it's been pretty stable for > me! > > Did you use NFS for all storage domains? Yes. Both HE and Main Data storage domains are backed by SSD. My ISO domain is backed by spinning rust. >> Is it valid for production use? >> >> With a single host the upgrades will become more intrusive: without >> the capability to migrate your VMs on other hosts at upgrade time, you >> will be required to bring down everything. >> > > This is true -- I have to bring everything down when I want to upgrade the > system, especially the host itself. So I don't upgrade as often as I might > if I had multiple hosts where I could migrate. > > How can you do it without a second host and importing with a temporary > storage domain? I just shut everything down. So long as it's planned my users can handle a 30-60 minute outage. And this is only when I update the host. I can update the Engine on its own, and often will update my VMs simultaneously to minimize downtime. But I'm okay with some downtime. -derek PS: I don't know what mailer you used, but I had a very hard time differentiating your responses from mine. Hopefully I did not miss one of your questions. -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
[ovirt-users] Re: oVirt: single host install
Hi, Simone Tiraboschi <stira...@redhat.com> writes: > On Mon, May 21, 2018 at 7:49 AM, <ov...@fateknollogee.com> wrote: > > Use case: small sites with a minimum number of vm's. > > Is there such a thing as a single host install? > > In the past we had the all-in-one mode but we deprecated it. > Now the suggested mode is hosted-engine since you could expand it adding other > hosts in the future. > I am running in this configuration and have had little problem. I migrated from an old vmware-server platform, and, modulo a few hiccups along the way and a few false starts as I was installing ovirt, it's been pretty stable for me! > Is it valid for production use? > > With a single host the upgrades will become more intrusive: without the > capability to migrate your VMs on other hosts at upgrade time, you will be > required to bring down everything. > This is true -- I have to bring everything down when I want to upgrade the system, especially the host itself. So I don't upgrade as often as I might if I had multiple hosts where I could migrate. > What kind of storage? > > NFS in loopback could be problematic, I'd suggest gluster in replica 1 or > iSCSI. I'm running loopback NFS and I've not encountered any issues. I've been running this way since 2016-10-22. I did not understand Gluster enough and wasn't sure how I could make a "replica 1" -- everything seemed to imply you *NEEDED* 3 gluster hosts. So I went with what I knew -- NFS. This might be problematic if I move forward to a multi-host platform as I'll have to "migrate" my storage -- specifically for hosted-engine -- which IIRC requires a re-install (or some other drastic measure). -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
Re: [ovirt-users] How to setup users to see a subset of VMs in oVirt
Hi, Jean Pickard <ggkkr...@gmail.com> writes: > Hello, > I need to create user accounts in oVirt that can only manage a specific set of > VMs and I don't want them to see any other ones. > example: > User1 can only see VM1, VM2, VM3, VM4 > User2 can only see VM5, VM6, VM7 > Admin can see all of them. > How do I accomplish this? Just set the permissions on the VMs. It works quite well. > Thank you, > > Payman Vazinkhoo -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Power off VM from VM portal
Hi, Alexandr Krivulya <shur...@shurik.kiev.ua> writes: > Hi, > > is there any way to power off VM from VM portal (4.2.1.7)? I can't > find "power off" button, just "shutdown". I don't know about 4.2, but in 4.1 and 4.0 there is a right-click context menu that gives you access to the Power Off feature. If that doesn't work (ISTR disucssion about removing that context menu), then there must be a different way to access it now. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users